| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 44123 |
tcp |
z-wave-s |
not scanned |
Z-Wave Secure Tunnel [Sigma Designs Inc] (IANA official) |
| 44280 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
| 44323 |
udp |
pcp |
not scanned |
IANA registered for: Port Control Protocol |
| 44333 |
tcp,udp |
applications |
not scanned |
Kerio MailServer, Kerio Personal Firewall, and Kerio WinRoute Firewall are vulnerable to a denial of service attack. A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
| 44334 |
tcp,udp |
tiny firewall |
Members scan |
Remote administration port used by Tiny Personal Firewall, and Kerio Personal firewall.
There is a possible exploit in Kerio Personal Firewall using this port: SecuriTeam 5HP0A2AA1Y
Also Kerio personal firewall has hidden "Internal Traffic Rules" that allow for open ports not being displayed in the GUI.
A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
| 44337 |
tcp,udp |
applications |
not scanned |
Kerio MailServer, Kerio Personal Firewall, and Kerio WinRoute Firewall are vulnerable to a denial of service attack. A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
| 44390 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
| 44405 |
tcp,udp |
applications |
not scanned |
Mu Online |
| 44444 |
tcp |
trojan |
Members scan |
Prosiak trojan
Cognex DataMan Management Protocol [Cognex] (IANA official)
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.
References: [CVE-2013-3388] |
| 44445 |
tcp |
acronis-backup |
not scanned |
Acronis Backup Gateway service port (IANA registered)
Malware: W32.Kibuv |
| 44488 |
tcp,udp |
applications |
not scanned |
BackupStream |
| 44490 |
tcp,udp |
applications |
not scanned |
BAckNBiz |
| 44501 |
tcp |
kerio |
Members scan |
Port used by Kerio Personal Firewall pop-up blocking.
There is a script that sends information on this port about blocked pages. Also, reportedly Kerio personal firewall has "Internal traffic rules" for open ports not displayed in the GUI. |
| 44544 |
udp |
domiq |
not scanned |
DOMIQ Building Automation [DOMIQ Sp zoo] (IANA official) |
| 44575 |
tcp |
trojan |
Premium scan |
Exploiter trojan |
| 44600 |
udp |
asihpi |
not scanned |
IANA registered for: AudioScience HPI |
| 44624 |
udp |
games |
not scanned |
Virtual Tennis, developer: Strangelite |
| 44767 |
tcp,udp |
trojan |
not scanned |
School Bus trojan |
| 44818 |
tcp,udp |
ethernetip |
not scanned |
Rockwell Encapsulation
Cognex In-Signt (IANA official) uses these ports:
68 udp - DHCP In-Signt vision system only
502 tcp - Modbus
1069 tcp/udp - In-Sight
1070 tcp - machine status data
2222 udp - Ethernet IP
5753 tcp - audit message server
44818 tcp/udp - Ethernet IP
51069 tcp - In-Sight secure
IANA registered for EtherNet/IP messaging
Cisco IOS is vulnerable to a denial of service, caused by an error within the Common Industrial Protocol (CIP) feature when processing malicious packets. By sending specially-crafted IPv4 packets destined to TCP port 44818, a remote attacker could exploit this vulnerability to cause the device to reload.
References: [CVE-2015-0649], [XFDB-101804]
Rockwell Automation ControlLogix is vulnerable to a denial of service, caused by the improper validation of input being sent to the buffer. By sending a specially-crafted CIP message to TCP and UDP ports 2222 and 44818, a remote attacker could exploit this vulnerability to cause the CPU to stop logic execution and enter a denial of service.
References: [XFDB-81235]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
References: [CVE-2018-14829]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
References: [CVE-2018-14827]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.
References: [CVE-2018-14821]
Tec4Data SmartCooler is vulnerable to a denial of service, caused by missing authentication for a critical function. By sending a specially crafted CIP packet to Port 44818, a remote attacker could exploit this vulnerability to cause a denial of service.
References: [CVE-2018-14796], [XFDB-150211] |
| 44900 |
tcp,udp |
m3da |
not scanned |
M3DA is used for efficient machine-to-machine communications [Eclipse Foundation] (IANA official) |
| 45000 |
tcp |
cisco-ids |
not scanned |
CiscoSecure IDS communication
Monitoring Protocol data transfer NSi AutoStore Status [Notable Solutions Inc] (IANA official) |
| 45000 |
udp |
games |
not scanned |
Brothers in Arms: Road To Hill 30, Heroes of Might and Magic V
Monitoring Protocol device, monitoring NSi AutoStore Status [Notable Solutions Inc] (IANA official) |
| 45001 |
udp |
games |
not scanned |
Brothers in Arms: Road To Hill 30 |
| 45001 |
tcp |
asmps |
not scanned |
Monitoring Protocol secure data transfer [Notable Solutions Inc] (IANA official) |
| 45002 |
tcp |
rs-status |
not scanned |
Redspeed Status Monitor (IANA official) |
| 45054 |
tcp,udp |
invision-ag |
not scanned |
InVision AG |
| 45092 |
tcp |
trojan |
Premium scan |
BackGate Kit |
| 45100 |
tcp,udp |
applications |
not scanned |
Limewire client magnet, Azureus |
| 45185 |
tcp,udp |
witsnet |
not scanned |
Wire and Wireless transfer on synchroniz (IANA official) |
| 45395 |
udp |
whatsapp |
not scanned |
WhatsApp uses these ports:
80, 443, 4244, 5222, 5223, 5228, 5242 TCP
50318, 59234 TCP/UDP
3478, 45395 UDP
|
| 45454 |
tcp |
trojan |
Premium scan |
Osiris trojan |
| 45456 |
tcp |
httptoolkit |
not scanned |
HTTP Toolkit (https://httptoolkit.tech) uses ports 45456/tcp and 45457/tcp as part of its internal communication and management API |
| 45457 |
tcp |
httptoolkit |
not scanned |
HTTP Toolkit (https://httptoolkit.tech) uses ports 45456/tcp and 45457/tcp as part of its internal communication and management API |
| 45514 |
tcp |
cloudcheck |
not scanned |
IANA registered for: ASSIA CloudCheck WiFi Management System |
| 45514 |
udp |
cloudcheck-ping |
not scanned |
IANA registered for: ASSIA CloudCheck WiFi Management keepalive |
| 45559 |
tcp |
trojan |
Premium scan |
Maniac rootkit trojan |
| 45631 |
tcp |
applications |
not scanned |
Air Video |
| 45632 |
tcp |
trojan |
Premium scan |
Little Witch trojan |
| 45672 |
tcp |
trojans |
Premium scan |
Backdoor.Delf.F [Symantec-2003-040117-4857-99] backdoor trojan that gives a hacker access to your computer. By default, it opens TCP ports 25226 and 45672. The existence of the file Svced.exe is an indication of a possible infection. |
| 45673 |
tcp |
trojans |
Premium scan |
Backdoor.Acropolis [Symantec-2001-021616-0142-99] remote access trojan, affects Windows, listens on TCP ports 32791, 45673. |
| 45678 |
tcp,udp |
eba |
not scanned |
EBA PRISE |
| 45682 |
tcp,udp |
applications |
not scanned |
pseudo-default uTorrent port |
| 45824 |
tcp |
dai-shell |
not scanned |
Server for the DAI family of client-server products [Data Access Inc] (IANA official) |
| 45836 |
tcp,udp |
worm |
not scanned |
W32.HLLW.Graps [Symantec-2003-070717-0814-99] - a network-aware worm with backdoor capabilities. By default, it opens port 45836 for listening. The worm copies itself to available network shares by connecting with weak passwords. |
| 45869 |
tcp |
hydrus |
not scanned |
Hydrus Network client API default port |
| 45966 |
tcp,udp |
ssr-servermgr |
not scanned |
SSRServerMgr |
| 46000 |
tcp,udp |
games |
not scanned |
Strike Fighters Project 1, developer: Third Wire |
| 46318 |
tcp |
applications |
not scanned |
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.
References: [CVE-2024-39704] |
| 46336 |
tcp |
inedo |
not scanned |
IANA registered for: Inedo agent communication |
| 46440 |
udp |
games |
not scanned |
Scrabble Complete |
| 46626 |
tcp |
trojan |
Premium scan |
Psychward [Symantec-2001-052208-1840-99] - trojan with backdoor capabilities. |
| 46631 |
tcp |
games |
not scanned |
Hedgewars game |
| 46666 |
tcp,udp |
trojan |
not scanned |
Taskman trojan |
| 46823 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
References: [CVE-2011-0517], [BID-45813], [EDB-15992] |
| 46824 |
tcp |
applications |
not scanned |
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.
References: [CVE-2012-4358] [SECUNIA-49395]
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
References: [CVE-2012-3815] [BID-53811] [OSVDB-82654] [SECUNIA-49395] |
| 46882 |
tcp |
trojan |
Premium scan |
Psychward [Symantec-2001-052208-1840-99] - trojan with backdoor capabilities. |
| 46998 |
tcp |
sp-remotetablet |
not scanned |
Connection between a desktop computer or server and a signature tablet to capture handwritten signatures [SOFTPRO GmbH] (IANA official) |
| 47000 |
tcp,udp |
mbus |
not scanned |
Message Bus |
| 47001 |
tcp |
winrm |
not scanned |
Windows Remote Management Service |
| 47017 |
tcp |
trojan |
Premium scan |
T0rn Rootkit trojan |
| 47100 |
udp |
jvl-mactalk |
not scanned |
Configuration of motors connected to Industrial Ethernet [JVL_Industri_Elektronik] (IANA official) |
| 47141 |
tcp,udp |
applications |
not scanned |
Dartpro |
| 47252 |
tcp |
trojan |
Premium scan |
Delta Source trojan |
| 47262 |
udp |
trojan |
not scanned |
Delta Source trojan |
| 47387 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
| 47545 |
udp |
canon |
not scanned |
Canon printers management console uses these ports (in addition to standard ports 25, 80, 110, 137, 389, 443, etc.):
427 UDP - SLP multicast discovery
5355 TCP/UDP - LLMNR device discovery for SNMP, SLP
8000, 8080 TCP - UI HTTP access
11427 UDP - device sleep notifications
47545 UDP - communication with devices
47547 TCP - communication with devices |
| 47547 |
tcp |
canon |
not scanned |
Canon printers management console uses these ports (in addition to standard ports 25, 80, 110, 137, 389, 443, etc.):
427 UDP - SLP multicast discovery
5355 TCP/UDP - LLMNR device discovery for SNMP, SLP
8000, 8080 TCP - UI HTTP access
11427 UDP - device sleep notifications
47545 UDP - communication with devices
47547 TCP - communication with devices
|
| 47557 |
tcp,udp |
dbbrowse |
not scanned |
Databeam Corporation |
| 47611 |
tcp,udp |
games |
not scanned |
Vindictus MMORPG (devCAT) uses ports 47611 tcp/udp and 27000-27025 tcp/udp |
| 47624 |
tcp,udp |
applications |
not scanned |
Battlecom, Age of Empires II, MechCommander 2, Star Wars Galactic Battlegrounds, Flight Simulator 2002 (TCP), Total Annihilation (TCP), Stronghold Crusader (TCP), Cossacks (TCP).
Spiral Knights uses ports 47624-47634.
IANA registered for Direct Play Server. |
| 47626 |
udp |
games |
not scanned |
Sudden Strike |
| 47634 |
tcp,udp |
games |
not scanned |
Spiral Knights uses ports 47624-47634 |
| 47698 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 47785 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 47800 |
tcp,udp |
applications |
not scanned |
Outpost 2 Divided Destiny
Infostealer.Reoxtan [Symantec-2005-090511-5408-99] - a trojan horse program that attempts to steal user names, passwords, and other computer information. It also attempts to lower security settings on the compromised computer. |
| 47806 |
tcp,udp |
ap |
not scanned |
ALC Protocol |
| 47808 |
tcp,udp |
bacnet |
not scanned |
The BACNet Test Server is vulnerable to a denial of service (DoS) vulnerability when sending malformed BVLC Length UDP packet to port 47808 causing the application to crash.
References: [EDB-48860]
IANA registered for: Building Automation and Control Networks |
| 47837 |
udp |
games |
not scanned |
Will Rock, developer: Saber Interactive |
| 47885 |
tcp |
malware |
not scanned |
Backdoor.Win32.Indexer.a / Hardcoded Weak Credentials - Indexer.a backdoor runs an FTP server that listens on TCP port 47885 and uses several weak hardcoded credentials "Ronald Reagen", "Boris Becker", "Donald Duck". The credentials can be easily veiwed in the binary using strings util. This can allow anyone with up front knowledge to logon to the infected system.
References: [MVID-2021-0091] |
| 47891 |
tcp |
trojans |
Premium scan |
Backdoor.AntiLam [Symantec-2002-060715-0902-99], a.k.a. AntiLamer backdoor - remote access trojan, affects Windows, listens on TCP ports 29559 and 47891, may also use port 29999.
Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution - the malware listens on TCP ports 47891, 29559. Third party attackers who can reach infected systems can execute commands made available by the backdoor. Netcat utility worked the best for running commands, which are supplied as numeric values or hex characters. The values sent correspond to different commands mapped in the backdoor. Commands are typically three digits e.g. 001 and perform various actions on the infected host.
References: [MVID-2021-0379] |
| 48000 |
tcp,udp |
nimcontroller |
not scanned |
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.
References: [CVE-2008-6713], [BID-29888]
Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000.
References: [CVE-2007-5711] [OSVDB-39019] [SECUNIA-27417]
Port is also IANA registered for Nimbus Controller. |
| 48001 |
tcp,udp |
nimspooler |
not scanned |
Nimbus Spooler |
| 48002 |
tcp,udp |
nimhub |
not scanned |
Nimbus Hub |
| 48003 |
tcp,udp |
nimgtw |
not scanned |
Nimbus Gateway |
| 48004 |
tcp |
trojan |
Premium scan |
Fraggle Rock trojan
IANA registered for: NimbusDB Connector. |
| 48005 |
tcp |
nimbusdbctrl |
not scanned |
IANA registered for: NimbusDB Control |
| 48006 |
tcp |
trojan |
Premium scan |
Fraggle Rock trojan |
| 48048 |
tcp |
juliar |
not scanned |
IANA registered for: Juliar Programming Language Protocol |
| 48049 |
tcp,udp |
3gpp |
not scanned |
3GPP Cell Broadcast Service Protocol |
| 48094 |
tcp |
trojans |
Premium scan |
Backdoor.Nibu.M [2005-071112-2150-99] - a trojan with backdoor capabilities, that runs a keylogger, sends information periodically to a remote server (via http), and also blocks access to security-related websites. Listens for remote commands on port 48094/tcp. |
| 48101 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.
References: [CVE-2008-0693], [BID-27604] |
| 48512 |
tcp |
trojan |
Premium scan |
Arctic trojan |
| 48556 |
tcp,udp |
com-bardac-dw |
not scanned |
com-bardac-dw, drive.web AC/DC Drive Automation and Control Networks |
| 48653 |
tcp,udp |
robotraconteur |
not scanned |
Robot Raconteur transport - a communication library for robotics and automation, developed by Wason Technology, LLC [Wason_Technology_LLC] (IANA official) |
| 48705 |
tcp |
viera |
not scanned |
Panasonic Viera cast may use the following ports: 80, 443, 43654, 48705 |
| 48899 |
udp |
applications |
not scanned |
The Beckhoff TwinCAT version <= 2.11.0.2004 can be brought down by sending a crafted UDP packet to port 48899 (TCATSysSrv.exe).
References: [CVE-2011-3486], [OSVDB-75495] |
| 49000 |
tcp |
trojan |
Premium scan |
Fraggle Rock trojan
IANA registered for: Matahari Broker |
| 49001 |
udp |
games |
not scanned |
Far Cry
IANA registered for: Nuance Unity Service Discovery Protocol |
| 49001 |
tcp |
nusrp |
not scanned |
IANA registered for: Nuance Unity Service Request Protocol |
| 49002 |
tcp,udp |
games |
not scanned |
Far Cry |
