| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 11978 |
tcp |
trojan |
Premium scan |
Cool Remote Control trojan |
| 11980 |
tcp |
trojan |
Premium scan |
Cool Remote Control trojan |
| 11991 |
tcp |
trojan |
Premium scan |
PitfallSurprise trojan |
| 11999 |
tcp |
yahoo-games |
not scanned |
Yahoo Games |
| 12000 |
tcp |
trojans |
Members scan |
Applications that use this port: Phantasy Star Universe, ClearCommerce Engine 4.x (www.clearcommerce.com), CubeForm, Multiplayer SandBox Game.
Wizard 101 uses ports 12000-12999 (TCP/UDP).
SatanCrew [Symantec-2002-082915-3335-99] - remote access trojan, 08.2002. Affects Windows 9x/Me,NT,2K,XP.
W32.Mytob.GN@mm [Symantec-2005-062916-0911-99] (2005.06.29) - mass-mailing worm with its own SMTP engine and backdoor capabilities. Sends itself to email addresses it finds on the compromised computer. Opens and IRC backdoor on port 12000/tcp.
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000.
References: [CVE-2012-1813]
Backdoor.Win32.ReverseTrojan.200 / Authentication Bypass Empty Password - ReverseTrojan by satan_addict listens on TCP ports, 12000 and 21. The malware accepts empty credentials for authentication as the default settings are set to blank. Third-party attackers who can reach an infected host can potentially gain access to the machine before or if no password is set.
References: [MVID-2021-0256]
IANA registered for: entextxid - IBM Enterprise Extender SNA XID Exchange |
| 12001 |
tcp |
seafile |
not scanned |
Think or Swim (TD Ameritrade) platform uses port 12001 TCP
Seafile Windows Server uses the following TCP ports: 8000 (seahub web interface), 8082 (seafile server), 10001 (ccnet), 12001 (seaf-server).
IANA registered: IBM Enterprise Extender SNA COS Network Priority |
| 12002 |
tcp,udp |
applications |
not scanned |
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.
References: [CVE-2001-0121], [BID-2174]
Port is also IANA registered for IBM Enterprise Extender SNA COS High Priority |
| 12003 |
tcp,udp |
entextmed |
not scanned |
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
References: [CVE-2018-15534], [EDB-45240]
IANA registered for: IBM Enterprise Extender SNA COS Medium Priority |
| 12005 |
|
dbisamserver1 |
not scanned |
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
References: [CVE-2018-15533], [EDB-45242]
IANA registered for: DBISAM Database Server |
| 12009 |
udp |
ghvpn |
not scanned |
Green Hills VPN [Green Hills Software] (IANA official) |
| 12010 |
tcp |
edbsrvr |
not scanned |
ElevateDB Server |
| 12011 |
tcp |
applications |
not scanned |
Axence nVision |
| 12012 |
tcp,udp |
vipera |
not scanned |
Audition Online Dance Battle, Korea Server—Status/Version Check (UDP), Axence nVision
Vipera Messaging Service (IANA official) |
| 12013 |
tcp,udp |
vipera-ssl |
not scanned |
IANA registered for: Vipera Messaging Service over SSL Communication, registered 2008-01-16
Audition Online Dance Battle, Korea Server also uses this port. |
| 12031 |
tcp |
applications |
not scanned |
Axence nVision |
| 12032 |
tcp |
applications |
not scanned |
Axence nVision |
| 12035 |
udp |
applications |
not scanned |
IANA registered for: Linden Lab viewer to sim on SecondLife |
| 12043 |
tcp |
trojan |
Premium scan |
Frenzy trojan
Second Life, used for LSL HTTPS in-bound |
| 12046 |
tcp |
applications |
not scanned |
Second Life, used for LSL HTTP in-bound |
| 12053 |
tcp,udp |
applications |
not scanned |
Delta Three PC to Phone |
| 12065 |
tcp |
trojan |
Premium scan |
Backdoor.Berbew.j [Symantec-2004-082414-4142-99] |
| 12076 |
tcp |
trojans |
Premium scan |
GJamer, MSH.104b trojans |
| 12080 |
tcp |
applications |
Members scan |
Port used by WebShield, Dwyco Video Conferencing, NetworkServer, Delta Three PC to Phone.
Trojan Troj/Agent-E, Win32.Disprox.A also use this port. |
| 12083 |
tcp |
applications |
not scanned |
Delta Three PC to Phone |
| 12088 |
tcp,udp |
applications |
not scanned |
Revo DVRNS |
| 12099 |
tcp |
games |
not scanned |
Phantasy Star Universe |
| 12120 |
udp |
applications |
not scanned |
Delta Three PC to Phone |
| 12121 |
tcp |
trojans |
Premium scan |
Backdoor.Balkart [Symantec-2004-090212-3607-99] (2004.09.02) - a backdoor trojan horse that can act as a HTTP proxy or FTP server
Port is also IANA registered for NuPaper Session Service |
| 12122 |
udp |
applications |
not scanned |
Delta Three PC to Phone |
| 12122 |
tcp |
trojans |
Members scan |
Hellz Addiction, also known as Backdoor.Hellza.110, Backdoor.Hellza.115, and Backdoor.Hellza.120, is a backdoor Trojan affecting Microsoft Windows operating systems.
The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 12122, to allow the client system to connect. Hellz Addiction could allow a remote attacker to gain unauthorized access to the system.
References: [XFDB-15163]
Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution - the malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the backdoor.
References: [MVID-2022-0641] |
| 12168 |
tcp,udp |
cawas |
not scanned |
Computer Associates eTrust AntiVirus Server contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial of service condition. eTrust AntiVirus Server installs a service called inoweb that listens on port 12168/tcp.
References: [CVE-2007-2522], [OSVDB-34585], [BID- 23906]
IANA registered for: CA Web Access Service |
| 12174 |
tcp |
applications |
not scanned |
Multiple Symantec Alert Management System 2 (AMS2) components could allow a remote attacker to execute arbitrary commands on the system, caused by an error in the Intel LANDesk Common Base Agent (CBA). By sending a specially-crafted packet to TCP port 12174, a remote attacker could pass packet content as an argument to the CreateProcessA() function and execute arbitrary commands on the system with SYSTEM level privileges.
References: [CVE-2009-1429], [BID-34671] |
| 12200 |
tcp |
applications |
not scanned |
GNucDNA, Tenebril GhostSurf |
| 12201 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Monitoring Port
Graylog Extended Log Format (GELF) also uses this port (TCP/UDP) |
| 12202 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Alternate Game Port (Opt. w/net port) |
| 12203 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Default Server Port |
| 12210 |
udp |
games |
not scanned |
Medal of Honor: Allied Assault |
| 12221 |
tcp |
applications |
not scanned |
ABB MicroSCADA could allow a remote attacker to execute arbitrary code on the system, caused by an error in bounds checking on user supplied data to wserver.exe. By sending a specially crafted request to TCP port 12221, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
References: [XFDB-89342], [EDB-30009] |
| 12222 |
udp |
games |
not scanned |
Act of War: Direct Action (Atari), a.k.a AOWDA, developer: Eugen Systems
Light Weight Access Point Protocol (LWAPP) LWAPP data (RFC 5412) |
| 12223 |
tcp |
trojan |
not scanned |
Hack'99 KeyLogger |
| 12223 |
udp |
applications |
not scanned |
Light Weight Access Point Protocol (LWAPP) LWAPP control (RFC 5412) |
| 12289 |
udp |
plc |
not scanned |
YOKOGAWA FA-M3 PLC industrical computer uses UDP ports 12289,12291. |
| 12291 |
udp |
plc |
not scanned |
YOKOGAWA FA-M3 PLC industrical computer uses UDP ports 12289,12291. |
| 12299 |
tcp |
applications |
not scanned |
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.
References: [CVE-2012-0230] |
| 12300 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Master UDP Query Port |
| 12302 |
tcp |
rads |
not scanned |
Remote Administration Daemon (RAD) is a system service that offers secure, remote, programmatic access to Solaris system configuration and run-time state [Oracle] (IANA official) |
| 12307 |
udp |
applications |
not scanned |
Makerbot UDP Broadcast (client to printer) |
| 12308 |
udp |
applications |
not scanned |
Makerbot UDP Broadcast (printer to client) (JSON-RPC) |
| 12310 |
tcp |
trojan |
Premium scan |
PreCursor trojan |
| 12321 |
tcp,udp |
trojan |
not scanned |
Protoss trojan |
| 12345 |
tcp |
NetBus |
Members scan |
Because of the common sequence of numbers "1 2 3 4 5" this port is commonly chosen when configuring programs, or as default port number.
Cubeworld Server uses port 12345 (TCP/UDP)
opendkim default port (may also use ports 8891,54321)
Tailscale (WireGuard-based open source app for secure private networks) uses port 12345
Some trojan horses/backdoors use this port: Ashley, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus Trojan, Pie Bill Gates, Whack Job, X-bill, ValvNet, TMListen, cron/crontab, Adoresshd.
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551.
The Trend Micro OfficeScan uses port 12345. Client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References: [CVE-2000-0204] [BID-1013]
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
References: [CVE-2017-7730]
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
References: [CVE-2018-16224]
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 12346 |
tcp |
NetBus |
Members scan |
Because of the common sequence of numbers "1 2 3 4 5" port 12346 is also commonly chosen when configuring programs, or as default port number. It is also used by some malware.
Rhapsody music service (Android) uses port 12346/tcp
NetBus trojan
Some other trojans/backdoors that use this port: Ashley, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, Pie Bill Gates, Whack Job, X-bill
Backdoor.Wasil [Symantec-2002-090617-0925-99] (2002.09.06) - a backdoor trojan that gives an attacker unauthorized access to an infected computer. By default it opens ports 12346 on the compromised computer.
|
| 12346 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12347 |
tcp |
trojans |
Premium scan |
W32.Mytob.FP@mm [Symantec-2005-062017-2756-99] - mass-mailing worm that opens backdoors on ports 10087/tcp and 12347/tcp. |
| 12348 |
tcp |
BioNet |
Members scan |
GCI BioNet trojan
Backdoor.Win32.Bionet.10 / Authentication Bypass RCE - the malware listens on TCP port 12348. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2021-0414] |
| 12349 |
tcp |
trojans |
Members scan |
Trojans that use this port: GCI BioNet, The Saint, Webhead |
| 12350 |
tcp |
skype |
Members scan |
Port used by Skype VoIP |
| 12351 |
tcp |
sda |
not scanned |
HP Smart Device Agent (SDA) uses port 12351/TCP to communicate with the SDA Server and clients real-time evens over TLS
|
| 12356 |
tcp |
malware |
not scanned |
Backdoor.Win32.Surila.j / Port Bounce Scan - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. The malware has an FTP component that accepts any username/password credentials. Third-party attackers who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2021-0288]
Backdoor.Win32.Surila.j / Authentication Bypass - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. Third-party attackers who can reach infected systems can logon using any username/password combination.
References: [MVID-2021-0289]
Backdoor.Win32.Surila.j / Remote Denial of Service - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050. Third-party attackers who can reach infected systems can logon using any username/password combination. Supplying a long string of characters for the FTP PORT command argument results in access violation and crash.
References: [MVID-2021-0290] |
| 12361 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12362 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12363 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12389 |
tcp |
trojan |
Premium scan |
KheSanh trojan |
| 12397 |
tcp |
applications |
not scanned |
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP ports 12397 or 12399.
References: [CVE-2011-4537], [BID-51157]
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
References: [CVE-2011-1566] [BID-46936] [SECUNIA-43849]
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
References: [CVE-2013-0657] |
| 12399 |
tcp |
applications |
not scanned |
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP ports 12397 or 12399.
References: [CVE-2011-4537], [BID-51157] |
| 12401 |
tcp |
applications |
not scanned |
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
References: [CVE-2011-4050] [BID-51146]
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
References: [CVE-2012-0231]
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
References: [CVE-2011-1567] [BID-46936] [SECUNIA-43849]
WellinTech KingSCADA is vulnerable to a stack-based buffer overflow, caused by an integer overflow in kxNetDispose.dll. By sending a specially-crafted packet to TCP port 12401, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2014-0787], [XFDB-92641] |
| 12446 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12456 |
tcp |
trojan |
Premium scan |
NetBus trojan |
| 12478 |
tcp |
trojan |
Premium scan |
Bionet trojan |
| 12489 |
tcp |
applications |
not scanned |
NSClient/NSClient++/NC_Net (Nagios) |
| 12546 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12546 |
tcp |
carb-repl-ctrl |
not scanned |
Carbonite Server Replication Control (IANA official) |
| 12623 |
udp |
trojan |
not scanned |
ButtMan, DUN Control trojans |
| 12624 |
tcp |
trojans |
Premium scan |
Backdoor.Tubma [Symantec-2002-060417-3543-99] (2002.06.05) - a remote access trojan which allows a hacker to manipulate the host computer.
Power, Buttman trojans also use this port. |
| 12625 |
tcp |
trojan |
Premium scan |
Buttman trojan |
| 12631 |
tcp |
trojan |
Premium scan |
WhackJob, WhackJob.NB1.7 trojan |
| 12646 |
udp |
cisco |
not scanned |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12684 |
tcp |
trojan |
Premium scan |
Power trojan |
| 12701 |
tcp |
Octopi |
Premium scan |
Octopi software-manager (Manjaro Linux, Garuda Linux, etc.) uses port 12701
[trojan] Eclipse 2000 |
| 12754 |
tcp |
trojan |
Premium scan |
Mstream trojan |
| 12865 |
tcp |
netperf |
not scanned |
IANA registered for: control port for the netperf benchmark |
| 12888 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 12889 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 12904 |
tcp |
trojans |
Premium scan |
Akropolis, Rocks trojans |
| 12973 |
tcp |
trojan |
Premium scan |
QR keylogger/remote access |
| 12975 |
tcp |
trojan |
Premium scan |
QR keylogger/remote access
LogMeIn Hamachi (VPN tunnel software; also port 32976)—used to connect to Mediation Server (bibi.hamachi.cc); will attempt to use SSL (TCP port 443) if both 12975 & 32976 fail to connect |
| 12998 |
udp |
applications |
not scanned |
IANA registered for: Takenaka RDI Mirror World on SecondLife |
| 12999 |
udp |
applications |
not scanned |
IANA registered for: Takenaka RDI Mirror World on SecondLife
Wizard 101 uses ports 12000-12999 (TCP/UDP) |
| 13000 |
tcp,udp |
klnagent |
Premium scan |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
Linden Lab viewer to sim on SecondLife (UDP)
Unreal Tournament 3 (TCP)
Senna Spy trojan (TCP) |
| 13001 |
tcp |
applications |
not scanned |
ForeScout CounterACT - an automated security control platform that lets you see, monitor, and control everything on your network: all devices, all operating systems, all applications, all users. |
| 13005 |
udp |
applications |
not scanned |
Settlers 7 game ports: 13005, 13200 TCP and 3544, 9103, 13005, 21000-29999 UDP |
| 13008 |
tcp,udp |
applications |
not scanned |
IANA registered for: Cross Fire, a multiplayer online First Person Shooter |
| 13010 |
tcp |
trojans |
Premium scan |
BitchController, Hacker Brazil trojans |
| 13013 |
tcp |
trojan |
Premium scan |
Backdoor.Psychward [Symantec-2001-052208-1840-99]
Trojan-Dropper.Win32.Juntador.a / Weak Hardcoded Password - the malware listens on TCP ports 7826 and 13013 and drops executables under the Windows dir. Authentication is required for remote user access. However, the password "sexjerx sexjerx" is weak and hardcoded in plaintext within the executable.
References: [MVID-2021-0259]
Backdoor.Win32.IRCBot.gen / Weak Hardcoded Password - the malware listens on TCP port 13013. Authentication is required for remote user access. However, the password "slimanus" is weak and hardcoded in plaintext within the executable.
References: [MVID-2021-0295] |
| 13014 |
tcp |
trojan |
Premium scan |
Backdoor.Psychward [Symantec-2001-052208-1840-99]
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials - the malware listens on TCP port 13014. Authentication is required, however the credentials "evilgoat / penix" are weak and found within the PE file.
References: [MVID-2022-0619] |
| 13028 |
tcp |
trojan |
Premium scan |
Back streets trojan |
| 13075 |
tcp |
applications |
not scanned |
Default for BMC Software Control-M/Enterprise Manager Corba communication, though often changed during installation |
| 13079 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 13080 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 13100 |
tcp |
ghidra |
not scanned |
Ghidra server default port - open source reverse engineering suite of tools developed by the NSA. It may also open 9010 TCP (optional jvisualvm dcom sun management jmxremote port) and 18200 TCP (optional java debug port). |
