| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 4658 |
tcp,udp |
playsta2-app |
not scanned |
PlayStation2 App Port, PS3 NHL2K7 |
| 4659 |
tcp,udp |
playsta2-lob |
not scanned |
PlayStation2 Lobby Port
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
References: [CVE-2011-5003], [BID-50843] |
| 4661 |
tcp |
trojans |
Members scan |
Trojan.Gamqowi [Symantec-2005-102012-4020-99] (2005.10.20) - a backdoor trojan that lowers security settings on the compromised computer. It blocks access to some security-related websites, and attempts to end security-related processes. Opens a backdoor and listens for remote commands by connecting to an IRC server on port 4661/tcp.
Nemog backdoor (discovered 2004.08.16) - a backdoor trojan horse that allows an infected computer to be used as an email relay and HTTP proxy, dropped by W32.Mydoom.Q@mm.
It can use one of the following ports: 3306,4242,4646,4661,6565,8080
Port used by aMule and eMule p2p file sharing (eDonkey server default listening port). eMule p2p file sharing software uses ports 4661/tcp, 4662/tcp, 4665/udp, 4672/udp, 4711/tcp (web interface) by default. Some versions of this P2P client are vulnerable to a DecodeBase16 buffer overflow. |
| 4662 |
tcp |
edonkey |
Members scan |
eDonkey 2000 P2P file sharing service.
Applications that use this port: Overnet P2P Server, Pruna, eMule
eMule p2p file sharing software uses ports 4661/tcp, 4662/tcp, 4665/udp, 4672/udp, 4711/tcp (web interface) by default. Some versions of this P2P client are vulnerable to a DecodeBase16 buffer overflow, which would allow an attacker to execute arbitrary code.
IANA registered for: OrbitNet Message Service |
| 4663 |
tcp |
eDonkey2000 |
not scanned |
eDonkey2000 Command Line Client, Note It! Message Service |
| 4664 |
tcp |
Google |
Basic scan |
Port used by Google desktop's built-in HTTP server / indexing software.
Port also used by Rimage Messaging Server. Port is responsible for providing the underlying foundation for the transaction among its clients and the messaging server. The network port 4664 is used for the transmission of messaging server alerts, errors and order requests. The initialization of this system port is normally done for version 8 and higher of the Rimage software.
Port also used by: Trojan-Downloader.Win32.Banload.nrd |
| 4665 |
udp |
eDonkey2000 |
not scanned |
eDonkey2000 Server Messaging Default Port. eMule p2p file sharing software uses ports 4661/tcp, 4662/tcp, 4665/udp, 4672/udp, 4711/tcp (web interface) by default. Some versions of this P2P client are vulnerable to a DecodeBase16 buffer overflow, which would allow an attacker to execute arbitrary code.
Container Client Message Service
AudioReQuest |
| 4665 |
tcp |
applications |
not scanned |
Tardis Beacon Tcp-control of first worm that re-writes time by compiling from code in cleartext. |
| 4666 |
tcp |
trojan |
Premium scan |
Mneah trojan |
| 4672 |
udp |
emule |
not scanned |
eMule p2p file sharing software uses ports 4661/tcp, 4662/tcp, 4665/udp, 4672/udp, 4711/tcp (web interface) by default. Some versions of this P2P client are vulnerable to a DecodeBase16 buffer overflow, which would allow an attacker to execute arbitrary code. |
| 4700 |
tcp |
trojan |
Premium scan |
Theef |
| 4703 |
tcp |
npqes-test |
not scanned |
Network Performance Quality Evaluation System Test Service |
| 4704 |
tcp |
assuria-ins |
not scanned |
Assuria Insider |
| 4711 |
tcp |
emule |
Premium scan |
McAfee Web Gateway 7 - Default GUI HTTP port
eMule p2p file sharing software uses ports 4661/tcp, 4662/tcp, 4665/udp, 4672/udp, 4711/tcp (web interface) by default. Some versions of this P2P client are vulnerable to a DecodeBase16 buffer overflow, which would allow an attacker to execute arbitrary code.
Battlefield 2142 (Game) remote console
IANA registered for: Trinity Trust Network Node Communication (TCP/UDP/SCTP) |
| 4711 |
udp |
trojan |
not scanned |
Olfactor trojan horse |
| 4712 |
tcp |
amule |
not scanned |
McAfee Web Gateway 7 - Default GUI HTTPS port
aMule internal connection port - used to communicate aMule with other applications such as aMule WebServer or aMuleCMD.
|
| 4713 |
tcp |
applications |
not scanned |
PulseAudio sound server |
| 4723 |
tcp |
applications |
not scanned |
Appium open source automation tool |
| 4724 |
tcp |
applications |
not scanned |
Default bootstap port to use on device to talk to Appium |
| 4725 |
tcp,udp |
truckstar |
not scanned |
IANA registered for: TruckStar Service |
| 4726 |
tcp,udp |
applications |
not scanned |
Port Reporter, Mbone |
| 4728 |
tcp |
applications |
not scanned |
IANA registered for: Computer Associates Desktop and Server Management (DMP)/Port Multiplexer |
| 4730 |
tcp,udp |
gearman |
not scanned |
Gearman Job Queue System (IANA registered) |
| 4732 |
udp |
ohmtrigger |
not scanned |
OHM server trigger |
| 4733 |
tcp |
resorcs |
not scanned |
RES Orchestration Catalog Services |
| 4739 |
tcp,udp,sctp |
ipfix |
not scanned |
IP Flow Info Export
Citrix NetScaler appliance Insight Center/Netscaler MAS uses port 4739 UDP for AppFlow communication |
| 4746 |
udp |
intelliadm-disc |
not scanned |
IANA registered for: IntelliAdmin Discovery |
| 4747 |
tcp |
applications |
not scanned |
Apprentice, Azureus, Glassfish, AppletView |
| 4747 |
udp |
pgp |
not scanned |
peer-to-peer file exchange protocol (IANA official)
PGP Secure Phone Data Stream
PlayLink online game also uses port 4747 |
| 4748 |
tcp,udp |
games |
not scanned |
PlayLink online game |
| 4750 |
tcp |
|
not scanned |
BladeLogic Agent
QlikView (Business Intelligence software)
Simple Service Auto Discovery (IANA official) |
| 4751 |
tcp |
trojan |
Premium scan |
Beagle.U |
| 4753 |
tcp,udp |
simon |
not scanned |
Simple Invocation of Methods Over Network (SIMON) [Alexander_Christian] (IANA official) |
| 4754 |
udp |
gre-in-udp |
not scanned |
IANA registered for: GRE-in-UDP Encapsulation |
| 4755 |
udp |
games |
not scanned |
Battlefield Vietnam
IANA registered for: GRE-in-UDP Encapsulation with DTLS |
| 4756 |
tcp |
RDCenter |
not scanned |
IANA registered for: Reticle Decision Center |
| 4757 |
tcp,udp |
applications |
not scanned |
Select Studios Official Servers |
| 4774 |
tcp,udp |
applications |
not scanned |
Amcheck, aMule
IANA registered for: Converge RPC (TCP) |
| 4778 |
tcp |
trojans |
Premium scan |
Backdoor.Remnet [Symantec-2004-061314-1329-99] (2004.06.13) - a backdoor trojan that allows unauthorized remote access. By default, Backdoor.Remnet listens on TCP port 4778. |
| 4783 |
tcp,udp |
applications |
not scanned |
Windows Socket Control, Backup Exec |
| 4785 |
udp |
cncp |
not scanned |
Cisco Nexus Control Protocol |
| 4786 |
tcp |
smart-install |
not scanned |
Smart Install Service
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
References: [CVE-2011-3271], [BID-49828]
Cisco IOS and Cisco IOS XE are vulnerable to a denial of service, caused by the improper handling of image list parameters by the Smart Install client feature. By sending specially crafted Smart Install packets to TCP port 4786, a remote attacker could exploit this vulnerability to cause a Cisco Catalyst switch to reload.
References: [CVE-2016-1349] [XFDB-111744]
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
References: [CVE-2018-0171], [BID-103538]
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
References: [CVE-2018-0156], [BID-103569] |
| 4787 |
tcp |
sia-ctrl-plane |
not scanned |
Service Insertion Architecture (SIA) Control-Plane |
| 4788 |
tcp |
xmcp |
not scanned |
eXtensible Messaging Client Protocol [Cisco] (IANA official) |
| 4789 |
udp |
vxlan |
not scanned |
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.
References: [CVE-2021-0254]
Virtual eXtensible Local Area Network (VXLAN) (IANA official) [RFC 7348] |
| 4791 |
udp |
roce |
not scanned |
IANA registered for: IP Routable RocE (RoCEv2) |
| 4792 |
tcp,udp |
unified-bus |
not scanned |
IP Routable Unified Bus (IANA official) |
| 4795 |
tcp,udp |
applications |
not scanned |
DB2, Limewire |
| 4797 |
tcp,udp |
applications |
not scanned |
Integrated Process Server, ProFTPD |
| 4800 |
tcp,udp |
iims |
not scanned |
Deloder Worm can run a backdoor on ports 4800 and 4900.
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
References: [CVE-2020-12117], [XFDB-181354]
IANA Registered for: Icona Instant Messenging System |
| 4803 |
tcp,udp |
notateit-disc |
not scanned |
Notateit Messaging Discovery
Vertica (big data analytics platform) uses the following ports:
22 TCP sshd admin tools and management console
4803 TCP/UDP - Spread client connections
4804 UDP - Spread daemon connections
5433 TCP - Vertica client (vsql, ODBC, JDBC, etc) port
5433 UDP - Vertica spread monitoring
5434 TCP - Vertica intra- and inter-cluster communication
5444 TCP - Vertica management console
5450 TCP - Vertica management console
6543 UDP - Spread monitor to daemon connection
|
| 4804 |
udp |
aja-ntv4-disc |
not scanned |
AJA ntv4 Video System Discovery
Vertica (big data analytics platform) uses the following ports:
22 TCP sshd admin tools and management console
4803 TCP/UDP - Spread client connections
4804 UDP - Spread daemon connections
5433 TCP - Vertica client (vsql, ODBC, JDBC, etc) port
5433 UDP - Vertica spread monitoring
5434 TCP - Vertica intra- and inter-cluster communication
5444 TCP - Vertica management console
5450 TCP - Vertica management console
6543 UDP - Spread monitor to daemon connection |
| 4808 |
tcp |
games |
not scanned |
Command and Conquer Renegade, Emperor Battle for Dune, Nox (TCP/UDP)
Xwis server also uses port 4808 (TCP/UDP) |
| 4810 |
tcp |
games |
not scanned |
Command and Conquer Renegade, Emperor Battle for Dune, Nox (TCP/UDP)
Xwis server also uses port 4810 (TCP/UDP) |
| 4811 |
tcp,udp |
applications |
not scanned |
TimeTracker |
| 4820 |
tcp |
trojan |
Premium scan |
Backdoor.tuxder [Symantec-2004-012016-2920-99]
Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials - the malware listens on TCP port 4820. Authentication is required, however the password "redkod" is weak and hardcoded in cleartext within the PE file.
References: [MVID-2022-0649] |
| 4827 |
tcp,udp |
htcp |
not scanned |
IANA registered for: HTCP |
| 4833 |
tcp,udp |
applications |
not scanned |
James, Novell |
| 4836 |
tcp |
trojans |
Premium scan |
Buttman, Power |
| 4837 |
tcp,udp |
varadero-0 |
not scanned |
Varadero-0
Buttman trojan also uses this port (TCP). |
| 4838 |
tcp,udp |
varadero-1 |
not scanned |
Varadero-1 |
| 4839 |
tcp,udp |
varadero-2 |
not scanned |
varadero-2 |
| 4840 |
tcp |
applications |
not scanned |
Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.
References: [CVE-2011-4873], [BID-51553]
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker.
References: [CVE-2017-12069], [BID-100559]
A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Comfort (All versions), SIMATIC WinCC Runtime HSP Comfort (All versions), SIMATIC WinCC Runtime Mobile (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known.
References: [CVE-2019-6575]
OPC UA Connection Protocol (IANA registered) |
| 4840 |
udp |
opcua-udp |
not scanned |
OPC UA Multicast Datagram Protocol (IANA registered) |
| 4842 |
tcp,udp |
gw-asv |
not scanned |
IANA registered for: nCode ICE-flow Library AppServer |
| 4843 |
tcp,udp |
opcua-tls |
not scanned |
OPC UA TCP Protocol over TLS/SSL (IANA registered) |
| 4847 |
tcp,udp |
wfc |
not scanned |
Quadrion Software & Odorless Entertainment
IANA registered for: Web Fresh Communication |
| 4848 |
tcp,udp |
appserv-http |
not scanned |
App Server - Admin HTTP
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
References: [CVE-2020-10537] |
| 4849 |
tcp,udp |
appserv-https |
not scanned |
App Server - Admin HTTPS |
| 4867 |
tcp,udp |
unify-debug |
not scanned |
IANA registered for: Unify Debugger |
| 4868 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
References: [CVE-2013-2687] |
| 4868 |
udp |
applications |
not scanned |
Multiple QNX products is vulnerable to a buffer overflow, caused by improper bounds checking by copying the large input buffer to a small output buffer when handling the device file. By sending a specially-crafted request to UDP port 4868, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2013-2688] [XFDB-85524] [BID-61023] |
| 4871 |
tcp,udp |
games |
not scanned |
3-In-A-Bed: Darts (3INABED) - Gary Simpson |
| 4876 |
tcp,udp |
tritium-can |
not scanned |
IANA registered for: Tritium CAN Bus Bridge Service |
| 4877 |
tcp,udp |
lmcs |
not scanned |
IANA registered for: Lighting Management Control System |
| 4878 |
udp |
inst-discovery |
not scanned |
IANA registered for: Agilent Instrument Discovery |
| 4879 |
tcp |
wsdl-event |
not scanned |
IANA registered for: WSDL Event Receiver |
| 4880 |
tcp |
hislip |
not scanned |
IVI High-Speed LAN Instrument Protocol |
| 4881 |
udp |
socp-t |
not scanned |
SOCP Time Synchronization Protocol |
| 4882 |
udp |
socp-c |
not scanned |
SOCP Control Protocol |
| 4883 |
tcp |
wmlserver |
not scanned |
Meier-Phelps License Server |
| 4888 |
tcp |
trojans |
Premium scan |
W32.Opanki [Symantec-2005-051810-1834-99] (2005.05.18) - IRC worm that spreads through AOL Instant Messenger. Connects to ftpd.there3d.com on port 4888/tcp and opens a backdoor for remote access.
Port also used by the W32.Opanki.D [Symantec-2005-072112-0816-99] variant of the worm.
Applications that use this port: IPNAT, Veritas Storage
IANA registered for: xcap code analysis portal public user access |
| 4889 |
tcp |
xcap-control |
not scanned |
IANA registered for: xcap code analysis portal cluster control and administration |
| 4890 |
tcp,udp |
applications |
Premium scan |
Malicious Services: W32/ Stration (worm)
Applications: Linux Gateway |
| 4891 |
tcp |
worm |
Premium scan |
W32.Mytob |
| 4894 |
tcp,udp |
lyskom |
not scanned |
IANA registered for: LysKOM Protocol A |
| 4899 |
tcp |
radmin |
Premium scan |
Radmin (Fama Tech) - remote administration of PCs. Some potenital vulnerabilities, see Radmin Default Installation Security vulnerabilities.
Worms using this port: Win32/ Agobot Family, W32.Rahack |
| 4900 |
tcp,udp |
hfcs |
not scanned |
Deloder Worm can run a backdoor on ports 4800 and 4900.
IANA registered for: Hyper File Client/Server Database Engine |
| 4903 |
tcp |
threat |
Premium scan |
Common Port for phishing scam sites |
| 4912 |
tcp |
trojans |
Premium scan |
Backdoor.Mirab [Symantec-2002-062114-0920-99] (2002.06.21) - remote access trojan. Affects all current Windows versions. It uses port 4912 for direct control and port 6430 for file transfer by default. |
| 4915 |
tcp |
worm |
not scanned |
W32.Woredbot [Symantec-2006-082910-4034-99] (2006.08.28) - a network-aware worm with back door capabilities. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin [MS06-040]).
Fibics Remote Control Service also uses this port |
| 4944 |
udp |
applications |
not scanned |
DrayTek DSL Status Monitoring |
| 4949 |
tcp,udp |
munin |
Premium scan |
Worms using this port: Win32.IRCBot, WORM_DELF.AYF
IANA registered for: Munin Graphing Framework |
| 4950 |
tcp |
trojan |
Premium scan |
Cylon Controls UC32 Communications Port (TCP/UDP)
ICQTrojan also uses this port
IANA registered for: Sybase Server Monitor (TCP/UDP) |
| 4950 |
udp |
games |
not scanned |
Warframe game uses ports 4950/UDP and 4955/UDP by default |
| 4953 |
tcp |
dbsyncarbiter |
not scanned |
Synchronization Arbiter |
| 4955 |
udp |
games |
not scanned |
Warframe game uses ports 4950/UDP and 4955/UDP by default |
| 4969 |
tcp,udp |
ccss-qmm |
not scanned |
CCSS QMessageMonitor |
| 4970 |
tcp,udp |
ccss-qsm |
not scanned |
CCSS QSystemMonitor |
| 4971 |
tcp |
burp |
not scanned |
IANA registered for: BackUp and Restore Program |
