| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 32811 |
tcp |
retp |
not scanned |
IANA registered for: Real Estate Transport Protocol |
| 32879 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.gen / Unauthenticated Open Proxy - the malware listens on TCP port 32879. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0284] |
| 32887 |
tcp |
applications |
not scanned |
Ace of Spades game |
| 32912 |
tcp |
applications |
not scanned |
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
References: [CVE-2022-29875] |
| 32914 |
tcp |
applications |
not scanned |
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
References: [CVE-2022-29875] |
| 32976 |
tcp |
applications |
not scanned |
Hamachi |
| 32982 |
tcp |
trojans |
not scanned |
Solaris.Wanukdoor [Symantec-2007-022810-0202-99] - a trojan horse that opens a back door on the compromised computer. |
| 33000 |
tcp |
wg-endpt-comms |
not scanned |
IANA registered for: WatchGuard Endpoint Communications |
| 33001 |
tcp,udp |
aspera |
not scanned |
Aspera uses the following ports:
33001 tcp (SSH, older versions used port 22)
33001 udp (fasp)
40001 tcp (Aspera Central)
4406 tcp (outbound logging)
Aspera servers may also have to open a range of ports for concurrent transfers, e.g. 33002-33010 udp. HTTP and/or HTTPS ports 80 and 443 are used for the web ui. |
| 33060 |
udp |
games |
not scanned |
Wolfenstein uses ports 33060-33070, developer: Raven Software |
| 33060 |
tcp |
mysqlx |
not scanned |
MySQL Database Extended Interface (IANA official) |
| 33070 |
udp |
games |
not scanned |
Wolfenstein uses ports 33060-33070, developer: Raven Software |
| 33221 |
tcp |
cortex |
not scanned |
Cortex XDR (Paloaltonetworks) uses port 33221 as the default P2P content update distribution port for their security agents
Cortex Data Lake (Paloaltonetworks) and Panorama Connect use ports 444 and 3978 for logging
|
| 33270 |
tcp |
trojan |
Premium scan |
Trinity trojan |
| 33291 |
tcp |
trojan |
Premium scan |
RemoteHak trojan |
| 33308 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.gmug / Heap Corruption - the malware listens on TCP port 33308, third-party attackers who can reach the server can send a specially crafted payload causing a heap corruption.
References: [MVID-2021-0194] |
| 33322 |
tcp |
trojans |
Premium scan |
Trojan.Lodeight.B [Symantec-2006-012514-0019-99] - trojan horse that attempts to download a W32.Beagle variant and opens a backdoor on the compromised computer. Opens a backdoor and listens for remote commands on port 33322/tcp. |
| 33330 |
udp |
applications |
not scanned |
FMAudit - a software application for automating meters, status, and service alerts on printers, copiers and MFP's. |
| 33333 |
tcp |
trojans |
Members scan |
W32.Zotob.C@mm [Symantec-2005-081516-4417-99] - a mass-mailing worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It connects to IRC servers and listens for remote commands on port 8080/tcp. It also opens an FTP server on port 33333/tcp. Same ports are used by the W32.Zotob.A and W32.Zotob.B variants of the worm as well.
Backdoor.Selka [Symantec-2004-111222-0435-99] - backdoor program, affects Windows, listens on port 33333.
Other trojans/backdoors that also use this port: Blakharaz, Prosiak
Port is IANA registered for Digital Gaslight Service. |
| 33334 |
udp |
games |
not scanned |
Empire Earth
IANA registered for: SpeedTrace TraceAgent Discovery |
| 33334 |
tcp |
speedtrace |
not scanned |
IANA registered for: SpeedTrace TraceAgent |
| 33335 |
tcp |
games |
not scanned |
Empire Earth |
| 33336 |
tcp |
games |
not scanned |
Empire Earth |
| 33390 |
tcp |
trojan |
Premium scan |
Unknown Trojan |
| 33434-33523 |
udp |
traceroute |
not scanned |
incoming traceroute - under Unix-like operating systems, the traceroute utility uses User Datagram Protocol (UDP) datagrams with destination port numbers from 33434 to 33534 by default. Under Windows, the tracert command sends ICMP requests.
Cisco Webex Teams services uses these ports:
443,444,5004 TCP
53, 123, 5004, 33434-33598 UDP (SIP calls) |
| 33434 |
tcp,udp |
traceroute |
Premium scan |
Cisco Spark application (Cisco Webex Teams services) uses these ports:
443, 8443 TCP - signaling
5004 TCP/UDP - media
33434 TCP/UDP - media port
Note: older versions of Cisco Webex Teams services may use these additional ports: 53, 123, 444 TCP and 33434-33598 UDP (SIP calls)
Noction BGP Routers use port 33434 by default
IANA registered for: traceroute |
| 33545 |
tcp |
trojan |
Premium scan |
G.R.O.B. trojan |
| 33567 |
tcp |
trojans |
Premium scan |
Lion, T0rn Rootkit |
| 33568 |
tcp |
trojans |
Premium scan |
Lion, T0rn Rootkit |
| 33577 |
tcp |
trojan |
Members scan |
Son of PsychWard trojan |
| 33777 |
tcp |
trojan |
Members scan |
Son of PsychWard trojan
Backdoor.Win32.Psychward.c / Unauthenticated Remote Command Execution - the malware listens on TCP port 33777. Remote attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0218] |
| 33848 |
udp |
applications |
not scanned |
Jenkins Remote access API and Auto-Discovery
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
References: [CVE-2020-2100] |
| 33890 |
tcp |
digilent-adept |
not scanned |
IANA registered for: Adept IP protocol |
| 33911 |
tcp |
trojan |
Members scan |
Spirit 2001a trojan horse |
| 33982 |
tcp,udp |
applications |
not scanned |
Dezta software |
| 34000 |
udp |
games |
not scanned |
Cossacks uses ports 34000-34005 (UDP)
Heroes of Annihilated Empires also uses ports 34000-34005 (TCP/UDP) |
| 34005 |
udp |
games |
not scanned |
Cossacks uses ports 34000-34005 (UDP)
Heroes of Annihilated Empires also uses ports 34000-34005 (TCP/UDP) |
| 34012 |
tcp,udp |
applications |
not scanned |
Access Remote PC |
| 34100 |
tcp,udp |
|
not scanned |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
References: [CVE-2018-12640]
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
References: [CVE-2018-11560] |
| 34197 |
udp |
games |
not scanned |
Factorio, a multiplayer survival and factory-building game |
| 34210 |
tcp |
games |
not scanned |
TCP 34210 is used by DragonBall Z Legends game (Android) |
| 34251 |
udp |
worm |
not scanned |
W32.HLLW.Manex [Symantec-2002-111111-2931-99] - a worm coded in Delphi and C++. It spreads to shares of computers whose IP addresses start with 188.1 (addresses corresponding to hosts on the dfn.de network at the time). |
| 34271 |
tcp,udp |
applications |
not scanned |
Remuco remote control for media players |
| 34297 |
udp |
games |
not scanned |
F1 Challenge 99-02, rFactor (TCP/UDP)
Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID 0x80 or 0x88 to UDP port 34297, related to the buffer containing the server version number.
References: [CVE-2007-4444], [BID-25358] |
| 34312 |
tcp |
trojan |
Premium scan |
Delf trojan |
| 34313 |
tcp |
trojan |
Premium scan |
Delf trojan |
| 34324 |
tcp |
trojans |
Premium scan |
Port used by BigGluck aka TN, Tiny Telnet Server. |
| 34330 |
tcp |
trojans |
Premium scan |
W32.Myfip.AB [Symantec-2005-040810-5834-99] - network aware worm that steals files from compromised computers. Sends files to a remote server on port 34330/tcp. |
| 34343 |
tcp |
trojan |
Premium scan |
Osiris trojan |
| 34397 |
udp |
games |
not scanned |
F1 Challenge 99-02, rFactor (TCP/UDP)
The gMotor2 engine and multiple games implementing the affected engine, including rFactor, are vulnerable to a denial of service, caused by the improper handling of packets with IDs equal to 0x20 or 0x28. By sending a specially-crafted packet, a remote attacker could prevent a connection to UDP port 34397, resulting in a denial of service.
References: [BID-25358], [CVE-2007-4445], [XFDB-36095] |
| 34443 |
tcp,udp |
applications |
not scanned |
Linksys PSUS4 print server |
| 34444 |
tcp |
trojan |
Premium scan |
Donald Dik trojan |
| 34447 |
tcp |
games |
not scanned |
F1 Challenge 99-02, rFactor (TCP/UDP) |
| 34555 |
udp |
trojan |
Premium scan |
Trin00 (DDoS attack tools) a.k.a. Trinoo and tribe flood network (TFN) use these ports: 27665/tcp (master control port), 27444/udp, 34555/udp, 35555/udp. See also CERT: IN-99-07 |
| 34567 |
tcp |
dhanalakshmi |
not scanned |
dhanalakshmi.org EDI Service
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
References: [CVE-2022-45045] |
| 34570 |
udp |
adaptec |
not scanned |
Adaptec Storage Manager |
| 34571 |
tcp |
serveraid |
not scanned |
ServeRAID Manager
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via a "bubba" local user account, an open TCP port 34571, or when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
References: [CVE-2003-0983] |
| 34572 |
tcp |
applications |
not scanned |
ServeRAID Manager
IBM Director 5.10 |
| 34763 |
tcp |
trojan |
Premium scan |
Infector trojan |
| 34987 |
udp |
games |
not scanned |
Rise of Nations |
| 35000 |
tcp |
trojan |
Premium scan |
Infector trojan
Vgate iCar 2 WiFi OBD2 Dongle could allow a remote attacker to gain unauthorized access to the system, caused by the a flaw in the On-board Diagnostics. By accessing the port 35000 on the wireless access point of the OBD device, an attacker could exploit this vulnerability to gain access to the system.
References: [CVE-2018-11478], [XFDB-143959] |
| 35100 |
tcp,udp |
axio-disc |
not scanned |
IANA registered for: Axiomatic discovery protocol |
| 35110-35112 |
tcp,udp |
vma |
not scanned |
Citrix VMAgent/GuestAgent discovery ports: 35110-35112 TCP/UDP |
| 35332 |
tcp,udp |
bribble |
not scanned |
Bribble Chat |
| 35354 |
tcp |
kitim |
not scanned |
KIT Messenger |
| 35355 |
tcp |
altova-lm |
not scanned |
Altova License Management |
| 35355 |
udp |
altova-lm-disc |
not scanned |
Altova License Management Discovery |
| 35356 |
tcp |
guttersnex |
not scanned |
Gutters Note Exchange [Squee Application Development] (IANA official) |
| 35357 |
tcp |
openstack-id |
not scanned |
OpenStack ID Service [Rackspace Hosting] (IANA official) |
| 35555 |
udp |
trojan |
not scanned |
Trin00 (DDoS attack tools) a.k.a. Trinoo and tribe flood network (TFN) use these ports: 27665/tcp (master control port), 27444/udp, 34555/udp, 35555/udp. See also CERT: IN-99-07 |
| 35600 |
tcp |
trojan |
Premium scan |
SubSARI trojan [Symantec-2003-030315-2821-99] |
| 35621 |
tcp,udp |
urbackup |
not scanned |
UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports |
| 35622 |
tcp,udp |
urbackup |
not scanned |
UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports |
| 35623 |
tcp,udp |
urbackup |
not scanned |
UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports |
| 36183 |
tcp |
trojan |
Premium scan |
Backdoor.Lifefournow trojan [Symantec-2004-122817-3943-99] |
| 36311 |
tcp |
trojans |
Premium scan |
W32.Mytob.FX@mm [Symantec-2005-062313-5401-99] - mass-mailing worm that opens a backdoor and listens for remote commands on port 36311/tcp, also runs an FTP server on port 10099/tcp. |
| 36330 |
tcp |
applications |
not scanned |
Folding@home Control Port |
| 36412 |
sctp |
s1-control |
not scanned |
S1-Control Plane (3GPP) |
| 36422 |
sctp |
x2-control |
not scanned |
X2-Control Plane (3GPP) |
| 36423 |
sctp |
slmap |
not scanned |
SLm Interface Application Protocol (IANA official) |
| 36424 |
sctp |
nq-ap |
not scanned |
Nq and Nq' Application Protocol (IANA official) |
| 36443 |
sctp |
m2ap |
not scanned |
IANA registered for: M2 Application Part |
| 36444 |
sctp |
m3ap |
not scanned |
IANA registered for: M3 Application Part |
| 36462 |
sctp |
xw-control |
not scanned |
Xw-Control Plane (3GPP) (IANA official) |
| 36475 |
tcp,udp |
beebeep |
not scanned |
BeeBEEP - an open source, peer to peer, LAN chat messenger uses ports 6475/tcp (chat), 6476/tcp (file transfers) and 36475/udp. |
| 36524 |
tcp |
febooti-aw |
not scanned |
IANA registered for: Febooti Automation Workshop |
| 36567 |
tcp,udp |
games |
not scanned |
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp |
| 36794 |
tcp |
trojans |
Premium scan |
W32.Bugbear@mm [Symantec-2002-093007-2144-99] - mass-mailing worm, also spreading through network shares, affects Windows. The worm also attempts to terminate the processes of various antivirus and firewall programs and opens a backdoor service on port 36794. |
| 36963 |
udp |
applications |
not scanned |
Any of the USGN online games, most notably Counter Strike 2D multiplayer (2D clone of popular CounterStrike computer game) |
| 36987 |
tcp,udp |
robocode |
not scanned |
Robocode - an educational game, intended to help gamers learn Java programming. |
| 37000 |
udp |
applications |
not scanned |
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, a.k.a. Bug ID CSCsj47924.
References: [CVE-2009-2045] [SECUNIA-35542] |
| 37008 |
udp |
applications |
not scanned |
TZSP intrusion detection |
| 37020 |
udp |
applications |
Premium scan |
SADP (Search Active Device Protocol) - used by Hickvision software for service discovery of online IP cameras and NVRs.
SADP protocol is similar to WSD (Web Service Dynamic Discovery) and SSDP/UPnP (Simple Service Discovery Protocol/Universal Plug and Play). Hikvision SADP is subject to DDoS Reflection Amplification attack. |
| 37031 |
udp |
malware |
not scanned |
Trojan-Dropper.Win32.Delf.da / Remote Stack Buffer Overflow (UDP Datagram) - Delf.da malware listens on UDP port 37031. Adversaries who can reach the infected system can send a payload of just 999 bytes and trigger a classic stack buffer overflow. This will overwrite ECX and EIP stack registers potentially allowing control of the malwares execution flow.
References: [MVID-2021-0137] |
| 37215 |
tcp,udp |
applications |
not scanned |
Huawei HG532 routers could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the /icon/ path containing "dot dot" sequences (/../) in the port 37215 to view arbitrary files on the system.
References: [CVE-2015-7254], [XFDB-107944]
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
References: [CVE-2017-17215], [BID-102344] |
| 37237 |
tcp |
trojan |
Premium scan |
Mantis trojan |
| 37266 |
tcp |
trojan |
Premium scan |
The Killer Trojan |
| 37472 |
sctp |
3gpp-w1ap |
not scanned |
IANA registered for: W1 signalling transport |
| 37483 |
tcp |
gdrive-sync |
not scanned |
Google Drive Sync (IANA official) |
| 37651 |
tcp |
trojan |
Premium scan |
YAT |
Shortcuts