| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 18136 |
tcp |
racf |
not scanned |
IANA registered for: z/OS Resource Access Control Facility |
| 18180 |
tcp |
applications |
not scanned |
DART Reporting server |
| 18200 |
tcp |
ghidra |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server
Ghidra - open source reverse engineering suite of tools developed by the NSA, uses the following ports: 13100 TCP - default server port, 9010 TCP - optional jvisualvm port (dcom sun management jmxremote), 18200 TCP - optional java debug port. |
| 18201 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18206 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18231 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18232 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18233 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18234 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18242 |
tcp |
iclid |
not scanned |
Checkpoint router monitoring [Check Point Software] (IANA official) |
| 18243 |
tcp |
clusterxl |
not scanned |
Checkpoint router state backup [Check_Point_Software] (IANA official) |
| 18264 |
tcp |
applications |
not scanned |
Check Point VPN-1 R55, R65, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (a.k.a. ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
References: [CVE-2008-5849] [BID-32306]
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.
References: [CVE-2006-3885] [BID-19136] [SECUNIA-21200]
Check Point ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18300 |
tcp,udp |
games |
not scanned |
Battlefield 2142
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18301 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18302 |
tcp,udp |
portmon |
not scanned |
Portmon- monitors and displays all serial and parallel port activity on a system. |
| 18306 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18308 |
udp |
games |
not scanned |
Scrabble Complete |
| 18321 |
tcp,udp |
games |
not scanned |
Medieval: Total War |
| 18332 |
tcp |
bitcoin |
not scanned |
Bitcoin JSON-RPC testnet server |
| 18333 |
tcp,udp |
bitcoin |
not scanned |
Bitcoin Testnet uses this port. See also port 8333. |
| 18354 |
tcp |
trojans |
Premium scan |
Backdoor.Heplane [Symantec-2005-050122-5053-99] (2005.05.01) - a trojan that allows a remote attacker to have unauthorized access to the compromised computer. It also acts as a proxy server. |
| 18390 |
tcp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18395 |
tcp,udp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18400 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18401 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18443 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS)
|
| 18444 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS) |
| 18505 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18506 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18507 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18508 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18510 |
tcp |
games |
not scanned |
Battlefield 2142 |
| 18510 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18512 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18515 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18516 |
udp |
heythings |
not scanned |
IANA registered for: HeyThings Device communicate service |
| 18518 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18519 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18550 |
tcp,udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
References: [CVE-2022-29963] |
| 18605 |
tcp,udp |
applications |
not scanned |
X-BEAT—Status/Version Check |
| 18606 |
tcp,udp |
applications |
not scanned |
X-BEAT |
| 18624 |
tcp |
applications |
not scanned |
Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis."
References: [CVE-2009-1227] [BID-34286] |
| 18634 |
tcp,udp |
rds-ib |
not scanned |
Reliable Datagram Service |
| 18635 |
tcp,udp |
rds-ip |
not scanned |
Reliable Datagram Service over IP |
| 18667 |
tcp |
trojan |
Premium scan |
Knark trojan |
| 18668 |
tcp,udp |
vdmmesh |
not scanned |
IANA registered for: Manufacturing Execution Systems Mesh Communication |
| 18747 |
udp |
applications |
not scanned |
Citrix EdgeSight could allow a remote attacker to execute arbitrary code on the system, caused by an error in the LauncherService.exe component. By sending specially-crafted packets to TCP or UDP port 18747, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with SYSTEM-level privileges.
References: [XFDB-68148], [BID-48385] |
| 18753 |
udp |
trojan |
not scanned |
Shaft (DDoS) |
| 18881 |
tcp,udp |
applications |
not scanned |
This module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending an long character string in the password field, both the structured exception handler and the saved extended instruction pointer are over written, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.
References: [OSVDB-67909]
Port is also IANA registered for Infotos |
| 18888 |
tcp,udp |
liquidaudio |
not scanned |
Port used by LiquidAudio servers. |
| 18923 |
tcp,udp |
jahia |
not scanned |
Jahia |
| 18961 |
tcp |
trojans |
Premium scan |
Backdoor.Haxdoor.B [Symantec-2004-052016-0128-99] (2004.05.20) - a backdoor trojan horse that opens a TCP port, allowing unauthorized access to an infected computer. |
| 18999 |
udp |
applications |
not scanned |
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.
References: [CVE-2018-0151], [BID-103540] |
| 19000 |
tcp |
games |
not scanned |
Silent Hunter IV: Wolves Of The Pacific, developer: UbiSoft Romania
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 19000 |
udp |
applications |
not scanned |
JACK sound server |
| 19001 |
udp |
games |
not scanned |
Silent Hunter IV: Wolves Of The Pacific, developer: UbiSoft Romania
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 19002 |
udp |
games |
not scanned |
Silent Hunter IV: Wolves Of The Pacific, developer: UbiSoft Romania |
| 19007 |
tcp,udp |
scintilla |
not scanned |
Scintilla protocol for device services [Veejansh_Inc] (IANA official) |
| 19020 |
tcp |
j-link |
not scanned |
J-Link TCP/IP Protocol [SEGGER] (IANA official) |
| 19050 |
tcp |
malware |
not scanned |
Backdoor.Win32.Surila.j / Port Bounce Scan - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. The malware has an FTP component that accepts any username/password credentials. Third-party attackers who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2021-0288]
Backdoor.Win32.Surila.j / Authentication Bypass - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. Third-party attackers who can reach infected systems can logon using any username/password combination.
References: [MVID-2021-0289]
Backdoor.Win32.Surila.j / Remote Denial of Service - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050. Third-party attackers who can reach infected systems can logon using any username/password combination. Supplying a long string of characters for the FTP PORT command argument results in access violation and crash.
References: [MVID-2021-0290] |
| 19132 |
udp |
games |
not scanned |
Minecraft Pocket Edition multiplayer server
Minecraft: Bedrock Edition multiplayer server |
| 19133 |
udp |
games |
not scanned |
Minecraft: Bedrock Edition IPv6 multiplayer server |
| 19150 |
tcp |
gkrellm |
not scanned |
GKrellM remote system activity meter daemon |
| 19170 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 19191 |
tcp |
trojan |
Premium scan |
BlueFire trojan |
| 19216 |
tcp |
trojan |
Premium scan |
BackGate Kit trojan |
| 19220 |
tcp |
cora |
not scanned |
IANA registered for: Client Connection Management and Data Exchange Service |
| 19220 |
udp |
cora-disc |
not scanned |
IANA registered for: Discovery for Client Connection Management and Data Exchange Service |
| 19226 |
tcp |
applications |
not scanned |
Panda Software AdminSecure Communication Agent
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
References: [CVE-2007-3026], [BID-25046]
Panda Security for Business and Panda Security for Enterprise products could allow a remote attacker to execute arbitrary code on the system, caused by a directory traversal flaw in the Panda AdminSecure Communications Agent (Pagent.exe). By sending a specially-crafted request to TCP port 19226, an attacker could exploit this vulnerability to create and overwrite arbitrary files and execute arbitrary code with SYSTEM privileges.
References: [XFDB-88091] |
| 19227 |
tcp |
applications |
not scanned |
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
References: [CVE-2007-3026], [BID-25046] |
| 19234 |
tcp |
applications |
not scanned |
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
References: [CVE-2016-9157], [BID-94549] |
| 19235 |
tcp |
applications |
not scanned |
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
References: [CVE-2016-9156], [BID-94549] |
| 19283 |
tcp,udp |
keysrvr |
not scanned |
Key Server for SASSAFRAS (IANA official) |
| 19294 |
tcp |
applications |
not scanned |
IANA registered for: Google Talk Voice and Video connections |
| 19295 |
udp |
applications |
not scanned |
IANA registered for: Google Talk Voice and Video connections |
| 19302 |
udp |
voip |
not scanned |
VoIP STUN servers (Session Traversal Utilities for NAT), i.e. IP phones behind a firewall/NAT commonly use UDP port 3470 and 19302
Google Talk, DUO, Hangouts commonly use ports 19302-19308 UDP and 19305-19308 TCP
IANA registered for: Google Talk Voice and Video connections |
| 19303-19308 |
tcp,udp |
voip |
not scanned |
Google Talk, DUO, Hangouts commonly use ports 19302-19308 UDP and 19305-19308 TCP |
| 19315 |
tcp,udp |
keyshadow |
not scanned |
Key Shadow for SASSAFRAS (IANA official) |
| 19334 |
tcp,udp |
malware |
not scanned |
HEUR:Trojan.MSIL.Agent.gen / Information Disclosure - the malware runs an HTTP service on port 19334. Attackers who can reach an infected host can make HTTP GET requests to download and or stat arbitrary files using forced browsing.
References: [MVID-2022-0654] |
| 19340 |
tcp,udp |
trojans |
not scanned |
Backdoor.RemoteNC.B [Symantec-2002-111518-0305-99] (2002.11.15) - a backdoor trojan that allows a hacker to gain access to your system. The hacker can then delete, copy, and execute files and perform other actions. By default it opens port 19340. |
| 19421 |
tcp,udp |
applications |
not scanned |
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
References: [CVE-2019-13450], [BID-109082]
In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.
References: [CVE-2019-13449], [XFDB-163500], [XFDB-163501] |
| 19424 |
tcp,udp |
applications |
not scanned |
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
References: [CVE-2019-13450], [BID-109082], [XFDB-163501] |
| 19535 |
tcp |
malware |
not scanned |
Backdoor.Win32.Freddy.2001 / Authentication Bypass Command Execution - the malware listens on TCP port 19535. Third-party intruders who can reach an infected host can gain access using an empty password and run commands made available by the backdoor using TELNET.
References: [MVID-2022-0486] |
| 19540 |
tcp,udp |
sxuptp |
not scanned |
Belkin Network USB Hub
SXUPTP (IANA official) |
| 19545 |
tcp |
malware |
not scanned |
Backdoor.Win32.Prexot.a / Authentication Bypass - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110. Third-party attackers who can reach an infected system can logon using any username/password combination.
References: [MVID-2022-0484]
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110 and accepts any credentials. Third-party intruders who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2022-0485] |
| 19604 |
tcp |
trojan |
Premium scan |
Metal trojan |
| 19605 |
tcp |
trojan |
Premium scan |
Metal trojan |
| 19638 |
tcp |
applications |
not scanned |
Ensim Control Panel |
| 19650 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.ag / Unauthenticated Open Proxy - the malware listens on TCP port 19650. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0269] |
| 19712 |
tcp,udp |
games |
not scanned |
Giants: Citizen Kabuto |
| 19786 |
tcp,udp |
applications |
not scanned |
Risk II |
| 19788 |
udp |
mle |
not scanned |
Mesh Link Establishment [IESG] (IANA official) |
| 19790 |
tcp |
faircom-db |
not scanned |
FairCom Database (IANA official) |
| 19800 |
udp |
applications |
not scanned |
A vulnerability in Mxserver can be exploited to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing network packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to UDP port 19800.
References: [SECUNIA-39051]
|
| 19801 |
tcp |
trojans |
Premium scan |
Backdoor.Wnetpols [Symantec-2008-042215-5247-99] (2008.04.22) - a trojan horse that opens a back door on the compromised computer. |
| 19810 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
References: [CVE-2009-2227] |
| 19812 |
tcp |
applications |
not scanned |
4D database SQL Communication |
| 19813 |
tcp |
applications |
not scanned |
4D database Client Server Communication
HP Data Protector Media Operations is vulnerable to a denial of service, caused by a NULL pointer dereference in the DBServer.exe and DBTools.exe programs. By sending a specially-crafted packet to TCP port 19813, a local attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-61751], [BID-43167], [OSVDB-68528] |
| 19814 |
tcp |
applications |
not scanned |
4D database DB4D Communication |
| 19864 |
tcp |
trojan |
Premium scan |
ICQ Revenge trojan |
Shortcuts