| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 15101 |
tcp |
games |
not scanned |
Tribes 2, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3, Arcanum, PGA Championship Golf 2000 |
| 15104 |
tcp |
trojan |
not scanned |
Mstream trojan
Tribes 2 also uses this port. |
| 15111 |
udp |
ksnproxy |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 15118 |
tcp |
trojans |
Premium scan |
Dipnet (a.k.a. Oddbob) trojan. Exploits the Windows port 445 vulnerability (MS Security Bulletin [MS04-011]). Uses tcp ports 11768 and 15118. |
| 15118 |
udp |
v2g-secc |
not scanned |
IANA registered for: v2g Supply Equipment Communication Controller Discovery Protocol |
| 15152 |
tcp |
applications |
not scanned |
Exteel |
| 15200 |
tcp |
games |
not scanned |
Nascar 3, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3 |
| 15204 |
tcp |
games |
not scanned |
Tribes 2, Arcanum |
| 15206 |
tcp |
trojan |
Premium scan |
KiLo [Symantec-2003-021319-1815-99] trojan
Tribes 2 also uses this port.
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service.
References: [MVID-2022-0546] |
| 15207 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99]
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service.
References: [MVID-2022-0546] |
| 15210 |
udp |
trojan |
not scanned |
UDP remote shell backdoor server |
| 15213 |
tcp,udp |
games |
not scanned |
Original War |
| 15252 |
tcp,udp |
routers |
not scanned |
Port 15252/UDP used by MikroTik routers IP Cloud |
| 15300 |
tcp |
games |
not scanned |
Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum |
| 15345 |
tcp,udp |
xpilot |
not scanned |
IANA registered for: XPilot Contact |
| 15348 |
tcp |
trojans |
not scanned |
Backdoor.Bionet.404 [Symantec-2003-110416-1452-99] (2003.11.04) - a backdoor program that permits a remote attacker access on TCP port 15348. |
| 15367 |
tcp,udp |
games |
not scanned |
Aleph One, developer: Bungie Software |
| 15382 |
tcp |
trojan |
Premium scan |
SubZero trojan |
| 15400 |
udp |
games |
not scanned |
Homeworld |
| 15401 |
udp |
games |
not scanned |
Homeworld |
| 15425 |
tcp,udp |
trojan |
Premium scan |
Backdoor.Rohimafo [Symantec-2010-041308-3301-99] (2010.04.13) - a trojan horse that opens a back door and steals information from the compromised computer. It creates a proxy server on TCP port 15425.
IRLP - Internet Radio Linking Project (uses port 1545 tcp/udp) |
| 15432 |
tcp |
trojans |
Premium scan |
Backdoor.Cyn [Symantec-2002-083012-4557-99] (2002.08) - remote access trojan, affects all current Windows versions, listens on ports 15432 and 51234. |
| 15441 |
tcp,udp |
applications |
not scanned |
ZeroNet fileserver |
| 15485 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15486 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15500 |
tcp |
trojan |
Premium scan |
In Route to the Hell trojan
Nascar 3, Hoyle Online also use this port. |
| 15512 |
tcp |
trojan |
Premium scan |
Iani trojan |
| 15551 |
tcp |
trojan |
Premium scan |
In Route to the Hell trojan |
| 15553 |
tcp |
trojans |
not scanned |
Backdoor.Dewin [Symantec-2002-061211-5916-99] (2002.06.12) - allows a hacker to gain access to and remotely control an infected computer. The Trojan program is written in Microsoft Visual C++ and is compressed with PECompact. |
| 15555 |
tcp |
trojan |
Premium scan |
ICMIBC trojan |
| 15556 |
tcp,udp |
applications |
not scanned |
Jeex.EU Artesia (direct client-to-db.service) |
| 15567 |
udp |
applications |
not scanned |
Battlefield Vietnam server port |
| 15668 |
udp |
games |
not scanned |
Heroes of Might and Magic III, developer: New World Computing |
| 15670 |
tcp |
stomp |
not scanned |
Port sometimes used by STOMP (Simple/Streaming Text Oriented Messaging Protocol, a web version of AMQP, or MQTT). |
| 15672 |
tcp,udp |
applications |
not scanned |
360 Share, developer: 360share
RabbitMQ management plugin uses this port |
| 15674 |
tcp |
stomp |
not scanned |
STOMP (Simple/Streaming Text Oriented Messaging Protocol) standard port. STOMP is a web version of AMQP or MQTT |
| 15690 |
udp |
applications |
not scanned |
ASE Port, Battlefield Vietnam |
| 15695 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 15800 |
tcp |
games |
not scanned |
Tribes 2, Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum |
| 15802 |
tcp |
games |
not scanned |
Throne of Darkness |
| 15845 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15852 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 15855 |
tcp |
trojans |
not scanned |
Trojan.Looksky [Symantec-2006-060512-1520-99] (2006.06.05) - a trojan horse that opens a back door and downloads files onto the compromised computer. The trojan also contains rootkit functionality. |
| 15858 |
tcp |
trojans |
Premium scan |
CDK trojan (ports 79, 15858) |
| 15963 |
tcp,udp |
applications |
not scanned |
Turkojan |
| 15998 |
udp |
2ping |
not scanned |
IANA registered for: 2ping Bi-Directional Ping Service |
| 15999 |
tcp |
programmar |
not scanned |
IANA registered for: ProGrammar Enterprise. |
| 16000 |
tcp,udp |
applications |
not scanned |
Motorhead Server, shroudBNC
Oracle WebCenter Content: Imaging (formerly known as Oracle Universal Content Management) (TCP). Port though often changed during installation.
Administration Server Access (IANA official)
|
| 16001 |
tcp |
fmsascon |
not scanned |
IANA registered for: Administration Server Connector. |
| 16002 |
tcp |
gsms |
not scanned |
IANA registered for: GoodSync Mediation Service |
| 16003 |
udp |
alfin |
not scanned |
IANA registered for: Automation and Control by REGULACE.ORG |
| 16010 |
tcp,udp |
applications |
not scanned |
Motorhead Server uses ports 16010-16030 |
| 16020 |
tcp |
jwpc |
not scanned |
Filemaker Java Web Publishing Core |
| 16021 |
tcp |
jwpc-bin |
not scanned |
Filemaker Java Web Publishing Core Binary |
| 16030 |
tcp,udp |
applications |
not scanned |
Motorhead Server uses ports 16010-16030 |
| 16057 |
tcp |
trojan |
Premium scan |
MoonPie trojan |
| 16080 |
tcp |
applications |
not scanned |
Mac OS X Server Web (HTTP) service with performance cache |
| 16102 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)
References: [CVE-2011-5124] |
| 16162 |
tcp |
solaris-audit |
not scanned |
Solaris Audit - secure remote audit log |
| 16200 |
tcp |
applications |
not scanned |
Oracle Universal Content Management Content Server
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
References: [CVE-2009-2874], [BID-36675] |
| 16250 |
udp |
applications |
not scanned |
Ghost Recon Advanced Warfighter is vulnerable to a denial of service, caused by a signedness error. By sending specially-crafted packets to UDP port 16250, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-60153], [BID-41459], [SECUNIA-40465] |
| 16250 |
tcp |
applications |
not scanned |
Oracle Universal Content Management Inbound Refinery |
| 16261 |
tcp,udp |
applications |
not scanned |
Project Zomboid multiplayer. Additional sequential ports used for each player connecting to server |
| 16286 |
tcp,udp |
applications |
not scanned |
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
References: [CVE-2001-1057], [BID-3120] |
| 16322 |
tcp |
trojans |
Premium scan |
Backdoor.Lastdoor [Symantec-2002-090517-3251-99] (2002.09.04) - remote access trojan. Affects all current Windows versions. |
| 16379 |
tcp |
applications |
not scanned |
Redis Cluster bus |
| 16384 |
udp |
connected |
not scanned |
Apple iChat AV (Audio RTP, RTCP; Video RTP, RTCP) uses ports 16384-16403
Verizon VoiceWing uses ports 16384-16392 (TCP/UDP)
Iron Mountain Digital online backup
Connected Corp (TCP/UDP) (IANA official) |
| 16385 |
udp |
applications |
not scanned |
Apple FaceTime, Apple Game Center (RTP/RTCP) |
| 16385 |
tcp |
rdgs |
not scanned |
Reliable Datagram Sockets (IANA official) |
| 16386 |
udp |
applications |
not scanned |
Apple FaceTime, Apple Game Center (RTP/RTCP) |
| 16387 |
udp |
applications |
not scanned |
Apple Game Center (RTP/RTCP) |
| 16389 |
tcp |
applications |
not scanned |
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.
References: [CVE-2017-9938], [BID-99539], [XFDB-128367] |
| 16392 |
tcp,udp |
applications |
not scanned |
Verizon VoiceWing uses ports 16384-16392 |
| 16393 |
udp |
applications |
not scanned |
Apple FaceTime (RTP/RTCP) uses ports 16393-16402 |
| 16402 |
udp |
applications |
not scanned |
Apple FaceTime (RTP/RTCP) uses ports 16393-16402 |
| 16403 |
udp |
applications |
not scanned |
Apple Game Center (RTP/RTCP) uses ports 16403-16472 |
| 16420 |
udp |
applications |
not scanned |
Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)
Apple Game Center also uses this port |
| 16464 |
tcp |
trojan |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16465 |
tcp |
trojan |
not scanned |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16470 |
tcp |
zeroaccess |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16471 |
tcp |
trojan |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16484 |
tcp |
trojan |
not scanned |
Mosucker trojan |
| 16499 |
udp |
games |
not scanned |
Star Trek Armada II |
| 16514 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 16515 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 16523 |
tcp |
trojan |
Premium scan |
Back streets trojan |
| 16567 |
udp |
applications |
not scanned |
Default Battlefield 2 server port |
| 16638 |
udp |
games |
not scanned |
SWAT3 game |
| 16639 |
tcp |
games |
not scanned |
SWAT3 game |
| 16660 |
tcp |
trojan |
not scanned |
Stacheldraht (DDoS) |
| 16661 |
tcp |
trojans |
Premium scan |
Backdoor.Haxdoor.D [Symantec-2005-012411-2332-99] (2005.01.24) - backdoor trojan program. Also attempts to log key strokes and steal passwords. Listens on port 16661/tcp, opens two additional high random ports.
Backdoor.Haxdoor.E [Symantec-2005-080212-3505-99] (2005.08.01) - trojan that opens a backdoor on the compromised computer, logs keystrokes, steals passwords and drops rootkits that run in safe mode. Opens a backdoor on one or more of the following ports: 7080/tcp, 8008/tcp, or 16661/tcp.
|
| 16666 |
udp |
vtp |
not scanned |
Vidder Tunnel Protocol [Vidder Inc] (IANA official) |
| 16699 |
tcp |
games |
not scanned |
Stronghold 2 |
| 16712 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99]
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service.
References: [MVID-2022-0546] |
| 16761 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 16768-16771 |
tcp |
spector |
not scanned |
ports 16768-16771 are used by SpectorSoft products to check for updates and exchange information with their servers, and for user remote access. Ports 16770/16771 are commonly open.
Port 16770 - Primary Server / listen IP port
Port 16771 - Web Filter Server
Port 16768 - Control Center Server
Port 16769 - Recorder Data Vault |
| 16772 |
tcp |
trojan |
not scanned |
ICQ Revenge (TCP) |
| 16789 |
tcp |
cadsisvr |
not scanned |
Mainframe External Security Managers from any TCP/IP platform (IANA official) |
| 16900 |
tcp,udp |
newbay-snc-mc |
not scanned |
Newbay Mobile Client Update Service |
| 16959 |
tcp |
trojan |
Premium scan |
SubSeven [Symantec-2001-020114-5445-99] |
