| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 10618 |
tcp |
applications |
not scanned |
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a &CONNECTSERVER&, &ADDENTRY&, &FIN&, &START&, &LOGPATH&, &FWADELTA&, &FWALOG&, &SETSYNCHRONOUS&, &SETPRGFILE& or &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.
References: [CVE-2007-0228], [BID-21994] |
| 10622 |
tcp |
games |
Premium scan |
Dark Ages of Camelot game uses TCP ports 1280,10500,10622 TCP and a dynamic UDP port (1024-65535 range) |
| 10631 |
tcp |
printopia |
not scanned |
Port to allow for administration and control of "Printopia" application software, which provides printing services to mobile users [Ecamm Network LLC] (IANA official) |
| 10651 |
tcp |
applications |
not scanned |
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
References: [CVE-2011-2963], [BID-46907]
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
References: [CVE-2014-0778], [XFDB-92615] |
| 10666 |
udp |
trojan |
not scanned |
Zandronum game servers use port 10666 TCP/UDP for games like multiplayer Doom.
Malware using this port: Ambush trojan, Roxrat backdoor
|
| 10700 |
tcp,udp |
applications |
not scanned |
KDX Server |
| 10752 |
tcp |
backdoor |
Members scan |
Backdoor. One of the many Linux mountd (port 635) exploits installs its backdoor at this port. Origin??? 10751 = 0x2a00, where 0x2a = 42 (proposed by Darren Reed)
The bx.c IRC exploit puts a root shell backdoor listening at this port.
The ADM named v3 attack puts a shell at this port. |
| 10777 |
|
applications |
not scanned |
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
References: [CVE-2002-1507] |
| 10800 |
tcp,udp |
gap |
not scanned |
Touhou fight games (Immaterial and Missing Power, Scarlet Weather Rhapsody, Phantasmagoria of Flower View, Hisoutensoku, Hopeless Masquerade and Urban Legend in Limbo) (TCP)
IANA registered for: Gestor de Acaparamiento para Pocket PCs |
| 10801 |
udp |
applications |
not scanned |
Bag With Friends multiplayer server for the Peaks of Yore mod. |
| 10809 |
tcp |
nbd |
not scanned |
Linux Network Block Device |
| 10810 |
udp |
nmc-disc |
not scanned |
Nuance Mobile Care Discovery |
| 10823 |
tcp,udp |
applications |
not scanned |
Farming-Simulator |
| 10836 |
tcp |
applications |
not scanned |
configurable-world-domination-game multiplayer server |
| 10860 |
tcp,udp |
helix |
not scanned |
Helix Client/Server |
| 10880 |
tcp,udp |
bveapi |
not scanned |
BVEssentials HTTP API [Tri_Tech_Computers_Ltd] (IANA official) |
| 10887 |
tcp |
trojan |
Premium scan |
BDDT trojan |
| 10888 |
tcp |
trojans |
Premium scan |
Trojan.Webus.C [Symantec-2004-101212-0903-99] (2004.10.12) - remote access trojan. Affects all current Windows versions. Connects to an IRC server (on port 8080) and opens a backdoor on TCP port 10888 or 1080. |
| 10889 |
tcp |
trojan |
Premium scan |
BDDT trojan |
| 10891 |
tcp |
applications |
not scanned |
Jungle Disk (this port is opened by the Jungle Disk Monitor service on the localhost) |
| 10933 |
tcp |
octopustentacle |
not scanned |
Octopus Deploy Tentacle deployment agent (IANA official) |
| 10975 |
tcp,udp |
games |
not scanned |
TOCA Race Driver 2 |
| 11000 |
tcp,udp |
applications |
Premium scan |
Port used by Cisco Border Gateway Protocol, Microsoft Visual Studio, .Net Framework, SCInterface, Video Insight Health Monitor.
Games using this port: Everquest Online Adventrures, The Matrix Online, The Matrix Online (TCP), Archlord, Subnautica multiplayer mod Nitrox
Malware using this port: Senna Spy Trojan Generator, DataRape |
| 11001 |
tcp,udp |
metasys |
not scanned |
Metasys (IANA official) |
| 11002 |
tcp,udp |
games |
not scanned |
Archlord, developer: NHN Games Corporation |
| 11008 |
tcp,udp |
games |
not scanned |
Archlord, developer: NHN Games Corporation |
| 11010 |
tcp |
applications |
not scanned |
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
References: [CVE-2018-11517] |
| 11011 |
tcp |
trojan |
Premium scan |
Amanda trojan |
| 11031 |
tcp,udp |
games |
not scanned |
Heroes of Newerth |
| 11050 |
tcp |
trojan |
Premium scan |
Host Control trojan |
| 11051 |
tcp |
trojan |
Premium scan |
Host Control trojan |
| 11080 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 11092 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
| 11095 |
udp |
weave |
not scanned |
device-to-service application protocol [Nest_Labs_Inc] (IANA official) |
| 11100 |
udp |
games |
not scanned |
Risk of Rain multiplayer server |
| 11103 |
tcp |
origo-sync |
not scanned |
IANA registered for: OrigoDB Server Sync Interface |
| 11104 |
tcp |
netapp-icmgmt |
not scanned |
NetApp Intercluster Management |
| 11105 |
tcp |
netapp-icdata |
not scanned |
NetApp Intercluster Data |
| 11108 |
udp |
myq-termlink |
not scanned |
IANA registered for: Hardware Terminals Discovery and Low-Level Communication Protocol |
| 11109 |
tcp |
sgi-dmfmgr |
not scanned |
Data migration facility Manager (DMF) is a browser based interface to DMF - SGI (IANA official) |
| 11110 |
tcp |
sgi-soap |
not scanned |
Data migration facility (DMF) SOAP is a web server protocol to support remote access to DMF - SGI (IANA official) |
| 11111 |
tcp |
trojan |
Premium scan |
Breach trojan |
| 11112 |
tcp,udp |
dicom |
not scanned |
DICOM (IANA official) |
| 11115 |
tcp,udp |
applications |
not scanned |
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
References: [CVE-2023-22897]
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
References: [CVE-2023-22620] |
| 11142 |
tcp |
trojans |
not scanned |
Backdoor.SubSeven.215 [Symantec-2003-062916-3850-99] (2003.06.29) - variant of the SubSeven family. This trojan horse allows unauthorized access to an infected machine. By default it listens on port 11142. |
| 11143 |
tcp |
ubiquiti |
not scanned |
Ubiquiti Cloud Access uses the following ports:
80/tcp
3478/udp
8543/tcp
11143/tcp |
| 11155 |
udp |
applications |
not scanned |
Tunngle |
| 11171 |
udp |
snss |
not scanned |
IANA registered for: Surgical Notes Security Service Discovery (SNSS) |
| 11172 |
tcp |
oemcacao-jmxmp |
not scanned |
OEM cacao JMX-remoting access point |
| 11173 |
tcp |
t5-straton |
not scanned |
Straton Runtime Programing [COPALP] (IANA official) |
| 11174 |
tcp |
oemcacao-rmi |
not scanned |
OEM cacao rmi registry access point |
| 11175 |
tcp |
oemcacao-websvc |
not scanned |
OEM cacao web service access point |
| 11202 |
tcp |
dcsl-backup |
not scanned |
DCSL Network Backup Services [John_Reynolds] (IANA official) |
| 11211 |
tcp,udp |
memcached |
not scanned |
Port used by Memcachedb and Apple iCal Server
Memcached is vulnerable to a denial of service, caused by an error when handling TCP packets. By sending a specially-crafted packet containing an overly long string to TCP port 11211, a remote attacker could exploit this vulnerability to cause a segmentation fault and application to crash.
References: [XFDB-83915], [BID-59567]
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
References: [CVE-2018-1000115], [EDB-44264], [EDB-44265] |
| 11223 |
tcp |
trojan |
Premium scan |
Progenic trojan, Secret Agent trojan |
| 11225 |
tcp,udp |
trojan |
not scanned |
Cyn trojan |
| 11234 |
tcp |
applications |
not scanned |
Graboid Video
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
References: [CVE-2011-3490] |
| 11235 |
tcp,sctp |
xcompute |
not scanned |
Savage:Battle for Newerth Server Hosting
Numerical systems messaging (IANA official) |
| 11271 |
udp |
trojans |
Members scan |
Trojan.Peacomm [Symantec-2007-011917-1403-99] (2007.01.19) - trojan horse that drops a system driver which injects some payload and hidden threads directly into the services.exe process, using a sophisticated technique. Once infected, it opens a backdoor to download other malicious programs. Uses UDP ports 4000, 7871, 11271. |
| 11294 |
tcp,udp |
applications |
not scanned |
Blood Quest Online Server |
| 11300 |
tcp |
beanstalkd |
not scanned |
Beanstalkd (asynchronous job queue for web applications) |
| 11306 |
tcp |
trojan |
Premium scan |
Noknok trojan |
| 11311 |
tcp |
trojans |
not scanned |
Backdoor.Carufax.A [Symantec-2004-041911-4812-99] (2004.04.19) - a trojan horse that will attempt to download files, open a backdoor, connect to an IRC server and log keystrokes. |
| 11332 |
tcp |
rspamd |
not scanned |
Rspamd (email anti-spam filtering system) listens on these ports: 11332/tcp (proxy worker), 11333/tcp (normal worker), 11334/tcp (controller worker). |
| 11333 |
tcp |
rspamd |
not scanned |
Rspamd (email anti-spam filtering system) listens on these ports: 11332/tcp (proxy worker), 11333/tcp (normal worker), 11334/tcp (controller worker). |
| 11334 |
tcp |
rspamd |
not scanned |
Rspamd (email anti-spam filtering system) listens on these ports: 11332/tcp (proxy worker), 11333/tcp (normal worker), 11334/tcp (controller worker). |
| 11371 |
tcp,udp |
hkp |
not scanned |
IANA registered for: OpenPGP HTTP Keyserver |
| 11386 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.z / Unauthenticated Open Proxy - the malware listens on TCP port 11386. Third-party attackers
who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0366] |
| 11404 |
tcp |
malware |
not scanned |
Backdoor.Win32.Prexot.a / Authentication Bypass - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110. Third-party attackers who can reach an infected system can logon using any username/password combination.
References: [MVID-2022-0484]
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110 and accepts any credentials. Third-party intruders who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2022-0485] |
| 11427 |
udp |
canon |
not scanned |
Canon printers management console uses these ports (in addition to standard ports 25, 80, 110, 137, 389, 443, etc.):
427 UDP - SLP multicast discovery
5355 TCP/UDP - LLMNR device discovery for SNMP, SLP
8000, 8080 TCP - UI HTTP access
11427 UDP - device sleep notifications
47545 UDP - communication with devices
47547 TCP - communication with devices |
| 11430 |
udp |
lsdp |
not scanned |
Lenbrook Service Discovery Protocol [Lenbrook_Industries_Limited] (IANA official) |
| 11443 |
tcp,udp |
dogtag |
not scanned |
Plesk sw-cp-serverd (versions 9.0 to 10.2) uses ports 11443/tcp and 11444/tcp. Newer Plesk versions use port 6308/tcp.
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 11444 |
tcp |
plesk |
not scanned |
Plesk sw-cp-serverd (versions 9.0 to 10.2) uses ports 11443/tcp and 11444/tcp. Newer Plesk versions use port 6308/tcp. |
| 11489 |
tcp |
asgcypresstcps |
not scanned |
ASG Cypress Secure Only |
| 11576 |
tcp,udp |
applications |
not scanned |
IPStor Server management communication |
| 11606 |
tcp,udp |
games |
not scanned |
Last Chaos, developer: Aeria Games |
| 11611 |
tcp,udp |
applications |
not scanned |
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
References: [CVE-2023-49693] |
| 11623 |
tcp |
emc-xsw-dconfig |
not scanned |
IANA registered for: EMC XtremSW distributed config |
| 11660 |
tcp |
trojan |
Premium scan |
Back streets |
| 11675 |
tcp,udp |
applications |
not scanned |
V-Phone |
| 11718 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 11720 |
tcp,udp |
h323 |
not scanned |
H.323 Call Control Signalling Alternate (IANA official) |
| 11723 |
tcp,udp |
emc-xsw-dcache |
not scanned |
IANA registered for: EMC XtremSW distributed cache |
| 11753 |
tcp |
applications |
not scanned |
OpenRCT2 multiplayer |
| 11768 |
tcp |
trojans |
Premium scan |
Dipnet (a.k.a. Oddbob) trojan. Exploits the Windows port 445 vulnerability (MS Security Bulletin [MS04-011]). Uses tcp ports 11768 and 15118.
Trojan.Netdepix [Symantec-2004-121913-4445-99] (2004.12.18) - a trojan horse program that attempts to exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin [MS04-011]) on randomly selected computers causing it to download and execute a remote file. |
| 11783 |
tcp,udp |
applications |
not scanned |
Last Contact |
| 11796 |
tcp |
lanschool |
not scanned |
LanSchool [Stoneware Inc] (IANA official) |
| 11796 |
udp |
lanschool-mpt |
not scanned |
Lanschool Multipoint [Stoneware Inc] (IANA official) |
| 11831 |
tcp |
trojans |
Premium scan |
Backdoor.Latinus [Symantec-2002-060710-5206-99] - remote access trojan, afects Windows 9x/ME/NT/2k/XP, opens TCP port 11831/tcp for direct control, 29559/tcp for file transfer, may also use ports 24289/tcp, 29559/tcp.
Backdoor.Pestdoor [Symantec-2002-100314-3144-99] (2002.10.03) - remote access trojan, affects Windows 9x/ME/NT/2k/XP
DarkFace - remote access trojan, affects Windows
Vagr Nocker (2001.02) - remote access trojan, affects Windows
Backdoor.Win32.Backlash.101 / Missing Authentication - BackLash Server 1.0 Alpha drops an executable named "d3d8thk.exe" under Windows dir and listens on TCP ports 11831 and 29559. Telnet to port 11831 allows anyone to retrieve basic system information and run some of the malwares built-in commands on the infected host.
References: [MVID-2021-0085]
Backdoor.Win32.Antilam.11 / Unauthenticated Remote Code Execution - the Win32.Antilam.11 malware aka "Backdoor.Win32.Latinus.b" (MVID-2021-0029), listens on TCP ports 11831, 29559. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0324] |
| 11876 |
tcp,udp |
xoraya |
not scanned |
X2E Xoraya Multichannel protocol |
| 11877 |
udp |
x2e-disc |
not scanned |
X2E service discovery protocol |
| 11885 |
tcp,udp |
games |
not scanned |
DD Tournament Poker |
| 11921 |
tcp |
citrix |
not scanned |
Citrix NetScaler Insight Center / Agent node / Connector node use port 1921 TCP to scale out deployment. |
| 11950 |
tcp |
applications |
not scanned |
Murraycoin JSON-RPC server[147] |
| 11951 |
tcp |
applications |
not scanned |
Murraycoin |
| 11971 |
tcp |
tibsd |
not scanned |
IANA registered for: TiBS Service |
| 11977 |
tcp |
trojan |
Premium scan |
Cool Remote Control trojan |
| 11978 |
tcp |
trojan |
Premium scan |
Cool Remote Control trojan |
| 11980 |
tcp |
trojan |
Premium scan |
Cool Remote Control trojan |
| 11991 |
tcp |
trojan |
Premium scan |
PitfallSurprise trojan |
