| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 8331 |
tcp |
applications |
not scanned |
MultiBit |
| 8332 |
tcp |
bitcoin |
not scanned |
IANA registered for: Bitcoin JSON-RPC server |
| 8333 |
tcp |
applications |
Premium scan |
Bitcoin cryptocurrency uses port 8333. (Bitcoin Testnet uses 18333 instead)
Common cryptocurrency ports (TCP):
Bitcoin: 8333
Litecoin: 9333
Dash: 9999
Dogecoin: 22556
Ethereum: 30303
VMware Server Management User Interface , Y-cam Wireless IP Camera |
| 8334 |
tcp |
applications |
not scanned |
Filestash server |
| 8337 |
tcp |
applications |
not scanned |
VisualSVN Distributed File System Service (VDFS) |
| 8347 |
tcp |
sophos |
not scanned |
Sophos Security Heartbeat updates uses port 8347 |
| 8372 |
tcp |
trojan |
Premium scan |
NetBoy trojan |
| 8376 |
tcp,udp |
cruise-enum |
not scanned |
Vulnerability in CounterPath eyeBeam can cause a DoS (Denial of Service) and potentially compromise a user's system. The vulnerability is caused due to a boundary error when handling malformed SIP packets. This can be exploited to cause heap corruption, which crashes the application and may allow arbitrary code execution via specially crafted SIP packets sent to port 8376/udp.
References: [CVE-2006-0359] [SECUNIA-18516]
IANA registered for Cruise ENUM |
| 8379 |
tcp,udp |
trojans |
Premium scan |
Backdoor.Binghe [Symantec-2005-030215-5059-99] (2005.03.02) - a back door Trojan horse program that allows unauthorized access to a compromised computer. The Trojan logs keystrokes, steals information, and has ability to execute programs. Opens a back door on TCP ports 8848 and 8379, and UDP port 8379. |
| 8383 |
tcp |
imail www |
not scanned |
IPSwitch IMail admin port, IPSwitch IMail http frontend
IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 (TCP/UDP) or 8383 (TCP/UDP). Sending an HTTP request with an extremely long "HOST" field multiple times can cause the system hosting the service to become unresponsive. Each long request "kills" a thread without freeing up the memory used by it. By repeating this request, the system's resources can be used up completely.
References: [BID-2011] |
| 8384 |
udp |
marathontp |
not scanned |
Marathon Transport Protocol (IANA official) |
| 8384 |
tcp |
applications |
not scanned |
Syncthing uses the following ports:
8384/TCP - web GUI
22000/TCP - listening port
21027/UDP - discovery broadcasts on IPv4, multicasts on IPv6. |
| 8388 |
tcp |
applications |
not scanned |
Shadowsocks proxy server |
| 8393-8400 |
tcp |
maestro |
not scanned |
League of Legends game uses the following ports:
5000 - 5500 UDP - League of Legends Game Client
8393 - 8400 TCP - Patcher and Maestro
2099 TCP - PVP.Net
5222 TCP - PVP.Net
5223 TCP - PVP.Net
80 TCP - HTTP Connections
443 TCP - HTTPS Connections |
| 8400 |
tcp,udp |
cvd |
not scanned |
cvp, Commvault Unified Data Management
IANA registered for: cvd |
| 8401 |
tcp |
sqladmin |
not scanned |
Plesk sqladmin (Windows) uses port 8401/tcp |
| 8404 |
tcp |
svcloud |
not scanned |
Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports
SuperVault Cloud [Nine Technology LLC] (IANA official) |
| 8405 |
tcp |
svbackup |
not scanned |
SuperVault Backup [Nine Technology LLC] (IANA official) |
| 8415 |
tcp |
dlpx-sp |
not scanned |
Delphix Session Protocol [Delphix_Corp] (IANA official) |
| 8423 |
tcp |
aritts |
not scanned |
IANA registered for: Aristech text-to-speech server |
| 8432 |
tcp |
pgbackrest |
not scanned |
PostgreSQL Backup (IANA official) |
| 8433 |
udp |
aws-as2 |
not scanned |
Non Persistent Desktop and Application Streaming (IANA official) |
| 8442 |
tcp,udp |
cybro-a-bus |
not scanned |
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)
References: [CVE-2020-11631]
IANA registered for: CyBro A-bus Protocol |
| 8443 |
tcp |
applications |
Members scan |
Common alternative HTTPS port.
PCSync HTTPS (SSL), SW Soft Plesk Control Panel, Apache Tomcat SSL, iCal service (SSL), Cisco WaaS Central Manager (SSL administration port), Promise WebPAM SSL
Ubiquiti UniFi Controller uses these ports:
8080 tcp - http port for UAP to inform controller
8443 tcp - https port for controller GUI/API
8880 tcp - http portal redirect port (may also use ports 8881, 8882)
8843 tcp - https portal redirect port
3478 udp - STUN port (should be open at firewall)
Cisco WaaS Central Manager standard SSL administration port.
Cisco Spark application (Cisco Webex Teams services) uses these ports:
443, 8443 TCP - signaling
5004 TCP/UDP - media
33434 TCP/UDP - media port
Note: older versions of Cisco Webex Teams services may use these additional ports: 53, 123, 444 TCP and 33434-33598 UDP (SIP calls)
German Health Getwork (aka Gesundheitskarte) "Konnektor" uses ports 8443 and 9443.
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477
Wyze cameras use these ports:
80, 443 TCP/UDP - timelapse, cloud uploads, streaming data
8443 TCP - cloud api, server connection
123 TCP - time check
10001 TCP - P2P WiFi live streaming
10002 TCP - Firmware updates
22345 TCP - control, used when live streaming
Cyclops Blink Botnet uses these ports. The malware has targeted governments, WatchGuard firewalls, ASUS routers, etc., it is active as of March 2022, and it is believed to be operated by the Sandworm threat group linked to Russian intelligence. Cyclops Blink botnet malware uses the following TCP ports: 636, 989, 990, 992, 994, 995, 3269, 8443
Symantec Endpoint Protection Manager could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the SAP XML parser when processing XML data. By sending a specially-crafted request to TCP port 8443, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
References: [XFDB-91102], [EDB-31853], [EDB-31917]
Symantec Backup Exec System Recovery Manager could allow a remote attacker to upload arbitrary files, caused by an error in the FileUpload Class running on the Symantec LiveState Apache Tomcat server. A remote attacker could exploit this vulnerability using an HTTP POST request over port 8443 (TCP) to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable system with SYSTEM privileges.
References: [XFDB-40260]
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
References: [CVE-2021-22002] |
| 8444 |
tcp |
bitmessage |
not scanned |
Bitmessage p2p encrypted communication protocol uses this port by default
Chia |
| 8445 |
tcp |
copy |
not scanned |
Port for copy peer sync feature [Copy] (IANA official)
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
References: [CVE-2016-5306], [BID-91449], [XFDB-114609] |
| 8445 |
udp |
copy-disc |
not scanned |
Port for copy discovery [Copy] (IANA official) |
| 8448 |
tcp,udp |
matrix |
Premium scan |
Matrix protocol (open source decentralized real-time communication over IP) uses port 8448. |
| 8453 |
tcp |
applications |
not scanned |
EMC Data Protection Advisor could allow a remote attacker to execute arbitrary code on the system, caused by an error in the exposed EJBInvokerServlet servlet within the DPA_Illuminator.exe service. By sending a specially-crafted object to TCP ports 8090 or 8453, an attacker could exploit this vulnerability to execute arbitrary code NT AUTHORITY\SYSTEM privileges.
References: [XFDB-89534], [EDB-30211] |
| 8457 |
tcp |
nexentamv |
not scanned |
Nexenta Management GUI [Nexenta] (IANA official) |
| 8469 |
tcp,udp |
games |
not scanned |
Dyson Sphere Program (Game) with the multiplayer mod Nebula uses port 8469 |
| 8471 |
tcp,sctp |
pim-port |
not scanned |
PIM over Reliable Transport [IESG] [RFC 6559] (IANA official) |
| 8488 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 8489 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 8500 |
tcp |
Macromedia |
not scanned |
Ethersphere Swarm (distributed storage and communication system) uses these ports:
6060, 6831 tcp - pprof debugging http server
8500, 8545 tcp - web access http api
Macromedia ColdFusion MX Server (Edition 6) uses port 8500 to allow remote access as Web server
Rumble Fighter uses this ports 7000-8500 (TCP/UDP) |
| 8500 |
udp |
applications |
not scanned |
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, a.k.a. bug ID CSCsg60949.
References: [CVE-2007-1826], [CVE-2007-1834], [BID-23181], [SECUNIA-24690]
Port is also IANA registered for Flight Message Transfer Protocol |
| 8501 |
tcp |
cmtp-mgt |
not scanned |
DukesterX - default
Streamlit Open-source Python framework for machine learning and data science
CYTEL Message Transfer Management (IANA official) |
| 8501 |
udp |
cmtp-av |
not scanned |
CYTEL Message Transfer Audio and Video (IANA official) |
| 8502 |
tcp |
ftnmtp |
not scanned |
FTN Message Transfer Protocol (IANA official) |
| 8503 |
udp |
lsp-self-ping |
not scanned |
MPLS LSP Self-Ping (IANA official) |
| 8521 |
tcp |
njrat |
not scanned |
njRAT remote access malware - default port is 1177, may also use ports 8008 and 8521. |
| 8536 |
tcp |
malware |
not scanned |
Backdoor.Win32.Autocrat.b / Weak Hardcoded Credentials - the malware is packed with PeCompact, listens on TCP port 8536 and requires authentication. However, the password "autocrat" is weak and hardcoded within the PE file. Unpacking the executable, easily reveals the cleartext password.
References: [MVID-2022-0660] |
| 8543 |
tcp |
applications |
not scanned |
Ubiquiti Cloud Access uses the following ports:
80/tcp
3478/udp
8543/tcp
11143/tcp
MatrikonOPC could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to TCP port 8543 containing "dot dot" sequences (/../) when the Health Monitor service is running to view arbitrary files on the system.
References: [CVE-2013-0673] [XFDB-83858] [BID-59528]
|
| 8545 |
tcp |
json |
not scanned |
JSON RPC default port
Ethersphere Swarm (distributed storage and communication system) uses these ports:
6060, 6831 tcp - pprof debugging http server
8500, 8545 tcp - web access http api |
| 8546 |
tcp |
trojans |
Members scan |
Backdoor.Berbew [Symantec-2003-071616-0350-99] (2003.07.16) - a backdoor trojan horse that steals passwords, may open ports 7714 and 8546. |
| 8550 |
tcp,udp |
4psa |
not scanned |
Primary/Master 4PSA DNS Manager server - http://www.4psa.com/
Port is used for master/slave connection between servers, also uses ports 53 and 953 tcp/udp. |
| 8554 |
tcp,udp |
applications |
not scanned |
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.
References: [CVE-2024-51362] |
| 8555 |
tcp |
applications |
not scanned |
Symantec DLP OCR Engine
Chia JSON-RPC server |
| 8563 |
tcp |
trojans |
Members scan |
W32.Zotob.H [Symantec-2005-081717-2017-99] (2005.08.17) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability ([MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 6667/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8563/tcp. |
| 8567 |
tcp,udp |
enc-tunnel |
not scanned |
EMIT tunneling protocol [Panasonic_Intranet_Panasonic_North_America_PEWLA] (IANA official) |
| 8585 |
tcp |
applications |
Premium scan |
inSpeak Communicator
MapleStory Game Server
Trojan.Dosvine (TCP) [Symantec-2010-033116-1305-99] (2010.03.31) - a trojan horse that may perform malicious activities on the compromised computer. |
| 8586 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8587 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8588 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8589 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8594 |
tcp |
trojans |
Basic scan |
W32.Zotob.E [Symantec-2005-081615-4443-99] (2005.08.16) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8594/tcp. |
| 8601 |
tcp |
applications |
not scanned |
Wavestore CCTV protocol |
| 8602 |
tcp,udp |
applications |
not scanned |
XBConnect, Wavestore Notification protocol |
| 8609 |
udp |
canon-cpp-disc |
not scanned |
Canon Compact Printer Protocol Discovery [Canon Inc] (IANA official) |
| 8610 |
tcp,udp |
canon-mfnp |
not scanned |
Canon MFNP Service |
| 8611 |
tcp,udp |
canon-bjnp1 |
not scanned |
Canon BJNP Port 1 (IANA official) |
| 8612 |
tcp,udp |
canon-bjnp2 |
not scanned |
Canon BJNP Port 2 (IANA official) |
| 8613 |
tcp,udp |
canon-bjnp3 |
not scanned |
Canon BJNP Port 3 (IANA official) |
| 8614 |
tcp,udp |
canon-bjnp4 |
not scanned |
Canon BJNP Port 4 (IANA official) |
| 8615 |
tcp |
imink |
not scanned |
Imink Service Control [Canon Inc] (IANA official) |
| 8642 |
tcp |
applications |
not scanned |
Lotus Traveller |
| 8665 |
tcp |
monetra |
not scanned |
Backdoor.Win32.Agent.aegg / Weak Hardcoded Credentials - the malware listens on TCP port 8665. Authentication is required, however the password "Xc 2870508" is weak and hardcoded within the PE file.
References: [MVID-2022-0571]
Monetra (IANA official) |
| 8666 |
tcp |
monetra-admin |
not scanned |
IANA registered for: Monetra Administrative Access |
| 8667 |
tcp |
applications |
not scanned |
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
References: [CVE-2018-10201], [EDB-44497] |
| 8668 |
tcp |
spartan |
not scanned |
Spartan management (IANA official) |
| 8675 |
tcp |
msi-cps-rm |
not scanned |
Motorola Solutions Customer Programming Software for Radio Management [Motorola Solutions Inc](IANA official) |
| 8675 |
udp |
msi-cps-rm-disc |
not scanned |
Motorola Solutions Customer Programming Software for Radio Management Discovery [Motorola Solutions Inc] (IANA official) |
| 8685 |
tcp |
trojan |
Premium scan |
Unin68 trojan |
| 8688 |
tcp |
openremote-ctrl |
not scanned |
OpenRemote Controller HTTP/REST [OpenRemote_Inc] (IANA official) |
| 8691 |
tcp |
applications |
not scanned |
Ultra Fractal default server port for distributing calculations over network computers |
| 8701 |
tcp |
applications |
not scanned |
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.
References: [CVE-2016-2231], [XFDB-110727] |
| 8701 |
udp |
applications |
not scanned |
SoftPerfect Bandwidth Manager |
| 8702 |
udp |
applications |
not scanned |
SoftPerfect Bandwidth Manager |
| 8710 |
tcp |
semi-grpc |
not scanned |
IANA registered for: gRPC for SEMI Standards implementations |
| 8711 |
tcp |
nvc |
not scanned |
Nuance Voice Control [Nuance Communications Inc] (IANA official) |
| 8719 |
tcp |
trojans |
Premium scan |
Backdoor.WinShell.50 [Symantec-2003-080611-0047-99] - remote access trojan, affects all current Windows versions, listens on port 8719. It is an earlier variant of Backdoor.WinShell.50.b [Symantec-2003-081110-5211-99] (port 39581) and usually packed along with Trojan.Stealther.B [Symantec-2003-080716-1231-99]. |
| 8720 |
tcp |
trojan |
Premium scan |
Connection trojan |
| 8728 |
tcp |
mikrotik |
not scanned |
MikroTik RouterOS uses the following ports:
5678/udp - Mikrotik Neighbor Discovery Protocol
6343/tcp - Default OpenFlow port
8080/tcp - HTTP Web Proxy
8291/tcp - Winbox GUI
8728/tcp - API
8729/tcp - API-SSL
20561/udp - MAC Winbox GUI |
| 8729 |
tcp |
mikrotik |
not scanned |
MikroTik RouterOS uses the following ports:
5678/udp - Mikrotik Neighbor Discovery Protocol
6343/tcp - Default OpenFlow port
8080/tcp - HTTP Web Proxy
8291/tcp - Winbox GUI
8728/tcp - API
8729/tcp - API-SSL
20561/udp - MAC Winbox GUI |
| 8732 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 8732 |
udp |
dtp-net |
not scanned |
DASGIP Net Services |
| 8734 |
tcp |
trojan |
Premium scan |
AutoSpY trojan |
| 8750 |
tcp |
dey-keyneg |
not scanned |
DEY Storage Key Negotiation - DEY Storage Systems Inc (IANA official) |
| 8765 |
tcp,udp |
ultraseek-http |
not scanned |
Default port of a local GUN relay peer that the Internet Archive and others use as a decentralized mirror for censorship resistance.
IANA registered for: Ultraseek HTTP |
| 8766 |
tcp,udp |
amcs |
not scanned |
Agilent Connectivity Service - Agilent Technologies Inc (IANA official)
Breach game (UDP) |
| 8767 |
udp |
teamspeak |
Premium scan |
Teamspeak 2 default server port (configurable in server.ini). Program can also use port 51234 for server queries, and port 80/tcp or 14534/tcp for administration. For TS3, see ports 9987/udp, 10011/tcp, 30033/tcp. |
| 8767 |
tcp |
core-of-source |
not scanned |
Online mobile multiplayer game (IANA official) |
| 8768 |
tcp |
sandpolis |
not scanned |
Sandpolis Server (IANA official) |
| 8768 |
udp |
applications |
not scanned |
TeamSpeak—alternate |
| 8769 |
tcp |
oktaauthenticat |
not scanned |
IANA registered for: Okta MultiPlatform Access Mgmt for Cloud Svcs |
| 8777 |
udp |
games |
not scanned |
Astroneer (UDP) server
America's Army
Deus Ex (TCP/UDP)
Rainbow Six
Raven Shield: Athena Sword (TCP/UDP)
Unreal Tournament (TCP/UDP)
America's Army is vulnerable to a denial of service, caused by the improper handling of multiple players joining the server. By sending specially-crafted packets to UDP port 8777, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-52458] [BID-35749] |
| 8778 |
tcp |
uec |
not scanned |
EPOS Speech Synthesis System
Stonebranch Universal Enterprise Controller (IANA official) |
| 8787 |
tcp |
trojan |
Premium scan |
Back Orifice 2000 (BO2K) trojan |
| 8800 |
tcp |
address book |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later)
Sun Java System Web Server could allow a remote attacker to execute arbitrary code on the system, caused by a format string error in the WebDAV functionality. By sending a specially-crafted HTTP request on TCP port 8800 containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the webservd process to crash.
References: [XFDB-55812], [BID-37910] |
| 8801 |
tcp,udp |
zoom |
not scanned |
Zoom Video Conferencing uses these ports:
TCP: 80,443, 8801, 8802 - Zoom clients to Zoom meetings outbound connections.
UDP 3478, 3479, 8801-8810 Zoom meetings
Zoom Phone also uses outbound ports 390/tcp and 5091/tcp |
