| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 22306 |
tcp |
applications |
not scanned |
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
References: [CVE-2018-16224] |
| 22311 |
tcp |
trojans |
Premium scan |
Backdoor.Simali [Symantec-2003-042414-3952-99] - remote access trojan, affects Windows, listens on port 22311 by default. Notifies attacker via email or ICQ. |
| 22333 |
tcp,udp |
showcockpit-net |
not scanned |
IANA registered for: ShowCockpit Networking |
| 22335 |
tcp |
shrewd-control |
not scanned |
Initium Labs Security and Automation Control (IANA official) |
| 22335 |
udp |
shrewd-stream |
not scanned |
Initium Labs Security and Automation Streaming (IANA official) |
| 22345 |
tcp |
applications |
Premium scan |
Wyze cameras use these ports:
80, 443 TCP/UDP - timelapse, cloud uploads, streaming data
8443 TCP - cloud api, server connection
123 TCP - time check
10001 TCP - P2P WiFi live streaming
10002 TCP - Firmware updates
22345 TCP - control, used when live streaming
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).
References: [CVE-2019-9160] |
| 22347 |
tcp,udp |
wibukey |
not scanned |
Siemens Licensing Software for SICAM 230 is vulnerable to a heap-based buffer overflow. By sending a specially-crafted TCP packet to TCP port 22347, a remote attacker could overflow a buffer and execute arbitrary code on the system.
References: [CVE-2018-3991], [XFDB-156948]
WibuKey Standard WkLan (IANA official) |
| 22349 |
tcp |
applications |
not scanned |
Wolfson Microelectronics, WISCEBridge Debug Protocol |
| 22350 |
tcp,udp |
codemeter |
not scanned |
Tom Clancy's Splinter Cell: Conviction uses ports 22350-22380, developer: Ubisoft Montreal
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
References: [CVE-2011-4057], [BID-51382]
CodeMeter Standard (IANA official) |
| 22380 |
tcp |
games |
not scanned |
Tom Clancy's Splinter Cell: Conviction uses ports 22350-22380, developer: Ubisoft Montreal |
| 22450 |
tcp,udp |
applications |
not scanned |
SiN |
| 22456 |
tcp |
trojans |
Premium scan |
Clandestine trojan
Backdoor.Bla.Trojan [Symantec-2000-121815-1846-99] - opens TCP ports 20331, 22456, 22457 by default. |
| 22457 |
tcp |
trojans |
Premium scan |
AcidShiver trojan
Backdoor.Bla.Trojan [Symantec-2000-121815-1846-99] - opens TCP ports 20331, 22456, 22457 by default. |
| 22537 |
tcp |
caldsoft-backup |
not scanned |
CaldSoft Backup server file transfer [CaldSoft] (IANA official) |
| 22554 |
tcp |
trojan |
Premium scan |
Schwindler trojan horse |
| 22555 |
udp |
vocaltec |
not scanned |
Port used by VocalTec Internet Phone. |
| 22556 |
tcp |
cryptocurrency |
Premium scan |
Dogecoin cryptocurrency uses port 22556.
Common cryptocurrency ports (TCP):
Bitcoin: 8333
Litecoin: 9333
Dash: 9999
Dogecoin: 22556
Ethereum: 30303 |
| 22609 |
tcp |
applications |
not scanned |
exacqVision |
| 22701 |
udp |
applications |
not scanned |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
References: [CVE-2000-0830], [BID-1671] |
| 22703 |
tcp,udp |
webtv |
not scanned |
WebTV is vulnerable to a DoS exploit on this port that can reboot the machine. |
| 22705 |
udp |
applications |
not scanned |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
References: [CVE-2000-0830], [BID-1671] |
| 22777 |
tcp |
worm |
not scanned |
W32.Spybot.ATZN [Symantec-2007-082821-0920-99] (2007.08.28) - a worm that spreads by exploiting system vulnerabilities |
| 22783 |
tcp |
trojan |
Premium scan |
Intruzzo trojan [Symantec-2002-051012-5520-99] |
| 22784 |
tcp |
trojans |
Premium scan |
Backdoor-ADM
Intruzzo trojan [Symantec-2002-051012-5520-99]
Backdoor.Renomb [Symantec-2002-090211-1409-99] (2002.09.02) - a backdoor trojan coded in Visual Basic that gives an attacker unauthorized access to an infected computer. By default it opens port 22784 on the compromised computer. |
| 22785 |
tcp |
trojan |
Premium scan |
Intruzzo trojan [Symantec-2002-051012-5520-99] |
| 22793 |
tcp |
vocaltec |
not scanned |
VocalTec Internet Phone - tcp connection to VocalTec servers on this port. |
| 22794 |
tcp |
applications |
not scanned |
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
References: [CVE-2009-2874], [BID-36675] |
| 22845 |
tcp |
trojan |
Premium scan |
Breach trojan |
| 22847 |
tcp |
trojan |
Premium scan |
Breach trojan |
| 23000 |
tcp |
trojan |
Premium scan |
Storm worm |
| 23000 |
udp |
applications |
not scanned |
Gamespy Port (for Internet games), Battlefield Vietnam, Fly For Fun (TCP/UDP) |
| 23001 |
tcp |
trojan |
Premium scan |
Storm worm |
| 23005 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
| 23006 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
| 23023 |
tcp |
trojan |
Premium scan |
Sometimes used as an alternate to the standard ssh port 23
Some TechniColor routers use this port for ssh using root/root as login
Logged trojan horse |
| 23032 |
tcp |
trojan |
Premium scan |
Amanda trojan |
| 23053 |
tcp |
gntp |
not scanned |
Generic Notification Transport Protocol [Growl Project] (IANA official) |
| 23073 |
tcp,udp |
games |
not scanned |
Soldat |
| 23083 |
tcp |
games |
not scanned |
Soldat |
| 23210 |
tcp,udp |
applications |
not scanned |
Gameday Payoff |
| 23213 |
tcp,udp |
applications |
not scanned |
PowWow VoIP IM chat program by Tribal Voice |
| 23214 |
tcp,udp |
applications |
not scanned |
PowWow by Tribal Voice |
| 23232 |
tcp |
trojan |
Premium scan |
Backdoor.Berbew.J trojan [Symantec-2004-082414-4142-99] - trojan that attempts to steal cached passwords and gather confidential user information by displaying fake windows. Opens a rootshell on port 23232/tcp and FTP server on port 32121/tcp. |
| 23272 |
udp |
s102 |
not scanned |
S102 application |
| 23294 |
tcp |
5afe-dir |
not scanned |
IANA registered for: 5AFE SDN Directory |
| 23294 |
udp |
5afe-disc |
not scanned |
IANA registered for: 5AFE SDN Directory discovery |
| 23321 |
tcp |
trojan |
Premium scan |
Konik trojan |
| 23399 |
tcp,udp |
applications |
not scanned |
Skype Default Protocol |
| 23401 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Alarm |
| 23402 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Global |
| 23432 |
tcp |
trojans |
Premium scan |
Backdoor.Asylum (05.2000) - remote access trojan, uses ports 81, 2343, 23432 by default. |
| 23435 |
tcp |
trojan |
Premium scan |
Backdoor.Frango [Symantec-2003-101816-5050-99] - a backdoor trojan horse that gives an attacker unauthorized access to a computer. Backdoor.Frango is packed by FSG. It notifies the attacker by ICQ and CGI requests and listens on port 23435 by default.
Trojan.Framar [Symantec-2003-120314-1133-99]
Backdoor.Volac [Symantec-2003-121108-2958-99] - a backdoor trojan horse server that allows unauthorized remote access to an infected system. |
| 23444 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445, sending a large string of junk chars causes stack corruption overwriting EDX register.
References: [MVID-2021-0035] |
| 23445 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445, sending a large string of junk chars causes stack corruption overwriting EDX register.
References: [MVID-2021-0035] |
| 23456 |
tcp |
trojans |
Members scan |
Common sequence of numbers "2 3 4 5 6" often used as default port by some programs and trojans.
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS)
Trojans/backdoors that use this port: Evil FTP, Ugly FTP, WhackJob
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
References: [CVE-2019-18382], [XFDB-170155]
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457, sending a large junk packet results in buffer overflow overwriting stack registers.
References: [MVID-2021-0066] |
| 23456 |
udp |
games |
not scanned |
Flight Simulator 2004 |
| 23457 |
tcp,udp |
games |
not scanned |
Deer Hunter 2004
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457, sending a large junk packet results in buffer overflow overwriting stack registers.
References: [MVID-2021-0066]
|
| 23458 |
tcp |
applications |
not scanned |
Deer Hunter 2005 |
| 23472 |
tcp |
applications |
not scanned |
HP Diagnostics Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the magentservice.exe. By sending an overly long string to port 23472 TCP, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges or cause the application to crash.
References: [XFDB-72363], [BID-51398], [EDB-18423] |
| 23476 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to BlackOrifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp.
|
| 23477 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to BlackOrifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp. |
| 23513 |
tcp,udp |
applications |
not scanned |
Duke Nukem Ports |
| 23523 |
tcp |
trojans |
Premium scan |
W32.Mytob.KM@mm [Symantec-2005-101214-2941-99] - a mass-mailing worm with backdoor capabilities, that also lowers security settings on the compromised computer. Opens a backdoor by connecting to rax.oucihax.info and listens for remote commands on port 23523/tcp. |
| 23546 |
tcp |
areaguard-neo |
not scanned |
AreaGuard Neo - WebServer [SODATSW spol] (IANA official) |
| 23556 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23560 |
tcp |
prtg |
Premium scan |
Paessler PRTG Remote Probe uses port 2356.
Backdoor.Sparta.D [Symantec-2005-093012-4729-99] - backdoor trojan that can be controlled by a remote attacker via IRC channels, uses port 23560/tcp. |
| 23656 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23666 |
tcp |
trojans |
Premium scan |
Backdoor.Beasty.F [Symantec-2003-040209-5622-99] - a trojan that allows for remote control, listens on port TCP 23666 on your computer. |
| 23732 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
| 23733 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
| 23756 |
tcp |
cisco |
not scanned |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23777 |
tcp |
trojan |
Premium scan |
InetSpy |
| 24000 |
tcp |
trojans |
Premium scan |
Infector trojan (1999.04) - affects Windows 9x (ICQ). Uses ports 146, 1208, 17569, 24000, 30000
Apple med-ltp web service (with performance cache) uses the range 24000-24999/tcp. |
| 24004 |
tcp |
med-ovw |
not scanned |
EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004.
References: [CVE-2012-1810]
med-ovw (IANA official) |
| 24006 |
tcp |
applications |
not scanned |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006.
References: [CVE-2012-1811] |
| 24013 |
tcp,udp |
games |
not scanned |
Battle for the Universe, developer: Misty Software LLP |
| 24032 |
tcp,udp |
applications |
not scanned |
Cu-SeeMe White Pine |
| 24279 |
tcp |
med-ltp |
not scanned |
Apple web service with performance cache |
| 24289 |
tcp |
trojan |
Premium scan |
Backdoor.Latinus [Symantec-2002-060710-5206-99] - remote access trojan, afects Windows 9x/ME/NT/2k/XP, opens TCP port 11831/tcp for direct control, 29559/tcp for file transfer, may also use ports 21957/tcp, 24289/tcp, 29559/tcp.
|
| 24307 |
tcp |
trojan |
Premium scan |
Wildek trojan |
| 24322 |
udp |
hid |
not scanned |
Transport of Human Interface Device data streams [Freebox_SAS] (IANA official) |
| 24323 |
tcp |
vrmg-ip |
not scanned |
IANA registered for: Verimag mobile class protocol over TCP |
| 24444 |
tcp,udp |
applications |
not scanned |
NetBeans integrated development environment |
| 24465 |
tcp,udp |
tonidods |
not scanned |
Tonido Directory Server for Tonido which is a Personal Web App and P2P platform (IANA official) |
| 24554 |
tcp,udp |
binkp |
not scanned |
Airburst - Freeverse Software
IANA registered for: BINKP |
| 24596 |
tcp,udp |
games |
not scanned |
Active Lancer, developer: De Software |
| 24666 |
tcp |
sdtvwcam |
not scanned |
Service used by SmarDTV to communicate between a CAM and a second screen application (IANA official) |
| 24676 |
tcp,udp |
canditv |
not scanned |
Canditv Message Service |
| 24681 |
tcp |
trojans |
Premium scan |
Backdoor.Lowtaper [Symantec-2004-101411-3637-99] - remote access trojan, affects Windows, uses ports 24681/tcp and 10104/udp |
| 24726 |
tcp |
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
| 24727 |
|
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
| 24754 |
tcp |
cslg |
not scanned |
Citrix StorageLink Gateway |
| 24800 |
tcp,udp |
applications |
not scanned |
Synergy: keyboard/mouse sharing software |
| 24842 |
tcp,udp |
applications |
not scanned |
StepMania: Online: Dance Dance Revolution Simulator |
| 24850 |
udp |
assoc-disc |
not scanned |
Device Association Discovery [Microsoft Corporation] (IANA official) |
| 24960 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24961 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24962 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24999 |
tcp |
med-ltp |
not scanned |
med-ltp web service (with performance cache) uses the range 24000-24999 tcp. |
| 25000 |
tcp |
applications |
not scanned |
Teamware Office standard client connection |
