
Vulnerable Ports

This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats. We update the list on a regular basis; however, if you feel we should add other port(s) to the list or modify their descriptions, please let us know. Any feedback and suggestions can also be posted to our Security forum.

Port(s) Protocol Service Scan level Description
 54112 tcp trojans Premium scan Backdoor.Ranky.F [Symantec-2004-040119-5250-99] (2004.04.01) - a trojan horse that runs as a proxy server. By default, the trojan opens TCP port 54112.
 54138 tcp applications not scanned Toshiba 4690 operating system could allow a remote attacker to obtain sensitive information. By sending a specially crafted string to TCP port 54138, an attacker could return environment variables to an unauthenticated client. An attacker could exploit this vulnerability to obtain restricted data.
References: [CVE-2014-8476], [XFDB-103666]
 54188 tcp applications not scanned An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packet to the bd_svr service listening on TCP port 54188.
References: [CVE-2020-8614], [XFDB-176230]
 54236 tcp,udp applications not scanned Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.
References: [CVE-2020-16602]
 54283 tcp trojan Premium scan Trojans using this port:
BackDoor-G, SubSeven, Sub7(*) (TCP)
 54312 tcp,udp trojans not scanned Backdoor.Niovadoor [Symantec-2002-103118-2307-99] (2002.10.31) - a backdoor trojan that gives an attacker unauthorized access to an infected computer. By default it opens port 54312 on the infected computer. The trojan attempts to disable some antivirus and firewall programs by terminating their active processes.
 54320 udp trojan not scanned Back Orifice 2000, BO2K(*) trojan horse (UDP)
 54321 tcp various Premium scan Citrix admin workstation connects to provisioning server over ports 54321-54323 TCP for SOAP service, used by console and APIs (MCLI, PowerShell, etc.)

opendkim default port (may also use ports 8891,12345)

Trojans using this port:
Schoolbus .69-1.11, 1.6, 2.0 (TCP)
Back Orifice 2000, BO2K(*) (TCP/UDP)
Backdoor.Robofo [Symantec-2007-053013-4425-99]

Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.
References: [CVE-2010-4741]

The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321.
References: [CVE-2014-0327]
 54321 udp loadavg not scanned UDP port used by "loadavg" - a service that replies with the load average of a machine.
 54322 tcp citrix not scanned Citrix admin workstation connects to provisioning server over ports 54321-54323 TCP for SOAP service, used by console and APIs (MCLI, PowerShell, etc.)
 54323 tcp citrix not scanned Citrix admin workstation connects to provisioning server over ports 54321-54323 TCP for SOAP service, used by console and APIs (MCLI, PowerShell, etc.)
 54340 tcp,udp vlc not scanned VLC Streamer default port
 54345 tcp loadrunner not scanned Port used by HP LoadRunner for checking performance and behavior of a system when under load.

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent, Performance Center Agent, and Monitor over Firewall allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.
References: [CVE-2007-0446], [BID-22487]
 54444 tcp applications not scanned NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444.
References: [CVE-2008-1905]

Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
References: [CVE-2012-5876]
 54533 udp applications not scanned Really Simple IM is vulnerable to a denial of service, caused by the improper handling of packets. By sending a specially-crafted packet to UDP port 54533, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-60454], [OSVDB-66447], [EDB-14408]
 54593 tcp citrix not scanned Citrix AppDNA Server uses port 54593 TCP for connections with the AppDNA Remote Admin Agent.
 54915 tcp,udp logitech not scanned Logitech Gaming Software - LCore.exe uses port 54915/udp. Disabling Arx control may stop the broadcasts.
 54925 udp brother not scanned Brother MFC printers use ports 137 UDP and 161 UDP (network printing and remote setup), 54925/udp (network scanning), 54926 UDP (PC fax receiving). Some may also open port 21 TCP (scan to FTP feature).
 54926 udp brother not scanned Brother MFC printers use ports 137 UDP and 161 UDP (network printing and remote setup), 54925/udp (network scanning), 54926 UDP (PC fax receiving). Some may also open port 21 TCP (scan to FTP feature).
 55000 tcp,udp trojans Premium scan Backdoor.Roxe [Symantec-2004-092814-2335-99] - remote access trojan, affects Windows. Exploits the MS GDI+ Library vulnerability: MS Security Bulletin [MS04-028]. Listens on port 55000/tcp.

Port also used by Windows Home Server for managing the various components of the home network.

Some uTorrent versions use port 55000 by default.
 55023 tcp,udp applications not scanned Lupus Electronics XT2 Plus Alarm System could allow a remote attacker to obtain sensitive information, caused by the running of a telnet server on port 55023 by the panel. An attacker could exploit this vulnerability using a hard coded secret to obtain the root password from MAC address.
References: [XFDB-159044]
 55123 udp applications not scanned Default VoIP client port, Battlefield 2
 55124 udp applications not scanned Default VoIP server port
 55125 udp applications not scanned Standard VoIP port
 55165 tcp trojans Premium scan Some trojans use this port: File Manager trojan, WM Trojan Generator
 55166 tcp trojan Premium scan WM Trojan Generator
 55413 tcp urbackup not scanned UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports
 55414 tcp urbackup not scanned UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports
 55415 tcp urbackup not scanned UrBackup (open source network backup system) uses these ports:
35621-35623 TCP/UDP - client broadcasts and data backups
55413-55415 TCP - server HTTP and FastCGI ports
 55502 tcp,udp applications not scanned B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service.
References: [CVE-2022-43765]
 55553 tcp metasploit not scanned Metasploit RPC daemon default port, also used by Armitage team server.
 55554 tcp applications not scanned Share KM application for Android is vulnerable to a denial of service, caused by an error in the Share KM PC Server. By sending a specially-crafted request containing an overly long string argument to TCP port 55554, a remote attacker could exploit this vulnerability to cause the server to crash.
References: [BID-62586], [XFDB-87386], [EDB-28451]
 55555 tcp trojan Premium scan Shadow Phyre trojan

JUNG Smart Visu Server contains two undocumented operating system user backdoor accounts. By connecting to the device over SSH on Port 55555, a remote attacker could exploit this vulnerability to gain administrative access to the device.
References: [XFDB-121625]

Backdoor.Win32.Wollf.m / Weak Hardcoded Password - the malware listens on TCP port 55555 and runs with SYSTEM integrity. Authentication is required for remote user access. However, the password "alfaromeo" is weak and hardcoded within the executable and appears many times in a database of leaked passwords.
References: [MVID-2021-0435]

Backdoor.Win32.Wollf.m / Authentication Bypass - the malware listens on TCP port 55555 and runs with SYSTEM integrity. The malware has an FTP component that can be enabled using the FTPD command. Third-party attackers who can reach the server can log on using any username/password combination.
References: [MVID-2021-0436]
 55565 tcp applications not scanned Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.
References: [CVE-2022-30317]
 55665 tcp trojans Premium scan Backdoor.Latinus [Symantec-2002-060710-5206-99]
Pinochet [trojan]
 55666 tcp trojans Premium scan Backdoor.Latinus [Symantec-2002-060710-5206-99]
Pinochet [trojan]
 55901 tcp,udp applications not scanned Mu Online
 56010 tcp applications not scanned Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.
References: [CVE-2010-1941], [BID-40196]
 56015 tcp applications not scanned Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.
References: [CVE-2010-1943], [BID-40190]
 56123 tcp,udp applications not scanned Monsoon Vulkano
 56185 tcp malware not scanned Backdoor.Win32.Agent.cu / Authentication Bypass RCE - the malware listens on TCP ports 10426, 56185. Third-party attackers who can reach infected systems can log on using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands; this can result in remote code execution.
References: [MVID-2021-0303]
 56565 tcp trojans Premium scan Backdoor.Osirdoor [Symantec-2002-081217-3251-99] - remote access trojan, affects Windows
 56574 tcp,udp pando networks not scanned Port used by Pando Media Booster (pmb.exe) - streaming software used by several online games using cloud delivery technology, developed by Pando Networks (pandonetworks.com)
 56700 tcp lifx not scanned LIFX smart lighting listens and broadcasts message responses on port 56700 TCP by default. https://lan.developer.lifx.com/docs/device-messages
 56768 tcp,udp applications not scanned iVisit
 56789 tcp webobjects Members scan Commonly used default port when configuring programs, and possibly malware, because of the sequential numbers "5 6 7 8 9"

Apple WebObjects Monitor (WO-Monitor) application, also JavaMonitor use port 56789 TCP

Cyber Intel Classification Banner - service agent uses port 56789 by default

Malware: Win32/Autorun.OA worm - it may change the computer system date, delete other programs, or connect to a remote site and await commands from a remote attacker. Opens a backdoor and attempts to connect to 'rj.rufang2005.cn' using TCP port 56789.
 56790 tcp malware not scanned Port sometimes used as default/consecutive port when configuring programs/malware/botnets, because it follows a very common default high port "5 6 7 8 9". As such, programs/malware that need multiple open ports often use sequential ports 56790, 56791, etc.
 56791 tcp botnets not scanned Port sometimes used as default/consecutive port when configuring programs/malware/botnets, because it follows a very common default high port "5 6 7 8 9". As such, programs/malware that need multiple open ports often use sequential ports 56790, 56791, etc.
 57005 tcp trojans Premium scan Backdoor.IRC.Cirebot [Symantec-2003-080214-3019-99] (2003.08.02). Trojan that exploits the MS DCOM vulnerability and installs a backdoor. Uses ports 445 & 69, opens port 57005.
 57123 tcp trojans Premium scan Backdoor.Mprox [Symantec-2003-092417-2624-99] (2003.09.24) - a backdoor trojan horse that opens a proxy server on TCP port 57123.
 57163 tcp trojan Premium scan BlackRat
 57331 tcp,udp applications not scanned PlayOn
 57341 tcp trojans Premium scan Port used by NetRaider trojan.
 57588 tcp,udp gtk not scanned Gtk#
The Gtk# GUI toolkit from Novell employs port 57588 to connect with its host site. It contains a collection of .NET bindings and an assortment of GNOME libraries.
 57612 udp applications not scanned The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement.
References: [CVE-2022-30312]
 57621 udp spotify not scanned Port 57621 UDP is used by Spotify client for P2P communication
 57621 udp spotify not scanned Spotify client uses port 57621 UDP for P2P communication
 57785 tcp trojan Premium scan G.R.O.B.
 57851-57943 tcp arx not scanned Logitech LGS Arx control app listens to port 54045 UDP and uses outbound port 54099 UDP. It also uses a random TCP port, reportedly in the following ranges (57851, 57856, 57907, 57911, 57913, 57924, 57943, 63235)
 58008 tcp trojans Premium scan Backdoor.Tron [Symantec-2002-060414-2700-99] (2002.06.04) - remote access trojan, affects Windows, has the ability to kill software firewall processes.
 58009 tcp trojan Premium scan Backdoor.Tron [Symantec-2002-060414-2700-99] (2002.06.04) - remote access trojan, affects Windows, has the ability to kill software firewall processes.
 58134 tcp trojan Premium scan Charge trojan
 58339 tcp trojan Members scan ButtFunnel trojan
 58343 tcp trojans Premium scan Backdoor.Prorat [Symantec-2003-061315-4216-99] (2003.06.13) - remote access trojan, affects Windows, opens port 58343 by default.
 58641 tcp trojans Premium scan W32.Kalel.B@mm [Symantec-2005-061615-2836-99] (2005.06.15) - mass-mailing worm with keylogger and backdoor capabilities. Spreads through email and file-sharing networks. Opens a backdoor and listens for remote commands on port 58641/tcp.
 58642 tcp applications not scanned Jamcast
 58666 tcp trojans Premium scan Backdoor.Redkod [Symantec-2003-022517-1058-99] (2003.02.03) - remote access trojan, affects Windows NT/2000/XP.
 58723 tcp applications not scanned Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.
References: [CVE-2011-4871]
 59000 tcp,udp applications not scanned Tekkotsu, Cisco Agent Desktop
Tekkotsu is an open-source environment for the programming of robots.
Cisco Agent Desktop is an application for Computer Telephony Integration (CTI).
 59100 tcp,udp applications not scanned AudioRelay
 59211 tcp trojans Premium scan Backdoor.Ducktoy [Symantec-2002-071814-5240-99] (2002.07.18) - remote access trojan, affects Windows, listens to ports 29559 and 59211 by default.

NewFuture trojan
 59234 tcp,udp whatsapp not scanned WhatsApp uses these ports:
80, 443, 4244, 5222, 5223, 5228, 5242 TCP
50318, 59234 TCP/UDP
3478, 45395 UDP
 59278 tcp,udp applications not scanned WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
References: [CVE-2008-7137], [BID-28085]
 59777 tcp applications not scanned ES File Explorer File Manager application for Android could allow a remote attacker to execute arbitrary code on the system. By sending specially-crafted requests to TCP port 59777, an attacker could exploit this vulnerability to read arbitrary files or execute arbitrary code on the system.
References: [CVE-2019-6447], [XFDB-155682]
 59969 tcp,udp games not scanned Genesis Rising: The Universal Crusade Beta
 60000 tcp trojans Premium scan Trojans/backdoors that use this port: DeepThroat/BackDoor-J, F0replay/WiNNUke eXtreame, Sockets des Troie, MiniBacklash
 60000 udp sco not scanned SCO Copy Protection Demon (CPD)
Among the products protected by SCO CPD are the SCO UnixWare, SCO OpenServer, Smallfoot, SCOoffice Server, WebFace, SCOx Web Services Substrate, Me Inc., and Caldera WebSpyder.

Backdoor.Win32.MiniBlackLash / Remote DoS - MiniBlackLash listens on both TCP port 6711 and UDP port 60000. Sending a large HTTP request string of junk chars to UDP port 60000 will crash this backdoor.
References: [MVID-2021-0060]
 60001 tcp trojans Premium scan Trojans that use this port: Entitee trojan, Trinity trojan (DoS)
 60001 udp nat-traverse not scanned nat-traverse, Vorsis
The nat-traverse application utilizes UDP port 60001 to pass through NAT gateways to generate links between nodes located behind these gateways.
Vorsis audio processors employ UDP and TCP port 60001 to communicate with their host.
 60002 tcp vulnerabilities not scanned Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.
References: [CVE-2025-32409]
 60005 tcp applications not scanned Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29952]
 60006 tcp trojan Premium scan Trojan.Fulamer.25
 60007 tcp applications not scanned Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29952]
 60008 tcp trojans Premium scan T0rn Rootkit trojan
Lion trojan - exploits Linux Bind servers' TSIG vulnerability
 60023 tcp applications not scanned Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023.
References: [CVE-2006-0305], [BID-16289]
 60068 tcp trojans Premium scan Xzip trojan, T0rn rootkit
 60099 tcp vmware not scanned VMware vCenter Server Web Service change service notification port
 60101 tcp trojans Premium scan Backdoor.Stealer [Symantec-2003-070415-5712-99] (2003.07.04) a.k.a. Trojan.Spy.MSNLogThief [KAV], MSNLogThief [McAfee] - a trojan that gives its creator full control over the infected computer, uses ports 16999,60101.
 60411 tcp trojan Premium scan Connection.100, Connection.130 trojan
 60412 tcp trojan not scanned Connection.130 trojan
 60551 tcp trojan Premium scan R0xr4t [Symantec-2002-082915-1621-99], a.k.a. RoxRat backdoor, BD R0xr4t 1.0. Uses ports 5050,50551,50552,60551,60552.
 60552 tcp trojan Premium scan R0xr4t [Symantec-2002-082915-1621-99], a.k.a. RoxRat backdoor, BD R0xr4t 1.0. Uses ports 5050,50551,50552,60551,60552.
 60666 tcp trojan Premium scan Basic Hell trojan
 61000 tcp trojans Premium scan Backdoor.Mite [Symantec-2002-090309-2255-99] - remote access trojan with password-stealing capabilities, affects Windows. Opens a backdoor on port 61000/tcp. BD Windows Mite 1.0 variant listens on port 65530/tcp.
 61001 tcp applications not scanned The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.
References: [CVE-2017-10793], [BID-100585]
 61115 tcp trojan Premium scan Protoss trojan
 61183 tcp worm not scanned W32.Quadrule.A [Symantec-2007-052815-0455-99] (2007.05.28) - a worm that spreads through network and removable drives. It also opens a back door on port 61183.
 61282 tcp worm not scanned W32.Pandem.B.Worm [Symantec-2003-081913-3715-99] (2003.08.19) - a worm coded in C++ and packed with PEBundle, listens on port 61282/tcp.
 61337 tcp trojan Premium scan Nota trojan [Symantec-2002-061211-0415-99]
 61348 tcp trojans Premium scan Bunker-Hill trojan. Uses ports 61348, 61603, 63485

Vulnerabilities listed: 100 (some use multiple ports)