| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 5902 |
tcp |
vnc-2 |
not scanned |
Virtual Network Computer display 2 |
| 5903 |
tcp,udp,sctp |
ff-ice |
not scanned |
Virtual Network Computer display 3 (TCP)
Flight & Flow Info for Collaborative Env (IANA official) |
| 5904 |
tcp,udp,sctp |
ag-swim |
not scanned |
Air-Ground SWIM (IANA official) |
| 5905 |
tcp,udp,sctp |
asmgcs |
not scanned |
Windows service "C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe" that listens on 127.0.0.1 (TCP)
Adv Surface Mvmnt and Guidance Cont Sys (IANA official) |
| 5906 |
tcp,udp,sctp |
rpas-c2 |
not scanned |
Remotely Piloted Vehicle C&C (IANA official) |
| 5907 |
tcp,udp,sctp |
dsd |
not scanned |
Distress and Safety Data App (IANA official) |
| 5908 |
tcp,udp,sctp |
ipsma |
not scanned |
IPS Management Application (IANA official) |
| 5909 |
tcp,udp,sctp |
agma |
not scanned |
Air-ground media advisory (IANA official) |
| 5910 |
tcp,udp |
ats-atn |
not scanned |
Air Traffic Services applications using ATN (IANA official) |
| 5910 |
sctp |
cm |
not scanned |
Context Management (IANA official) |
| 5911 |
tcp,udp |
games |
not scanned |
Worms 4 Mayhem
Air Traffic Services applications using ACARS (IANA official) |
| 5911 |
sctp |
cpdlc |
not scanned |
Controller Pilot Data Link Communication (IANA official) |
| 5912 |
tcp,udp |
games |
not scanned |
Worms 3D
Aeronautical Information Service/Meteorological applications using ACARS (IANA official) |
| 5912 |
sctp |
fis |
not scanned |
Flight Information Services (IANA official) |
| 5913 |
sctp |
ads-c |
not scanned |
Automatic Dependent Surveillance (IANA official) |
| 5913 |
tcp,udp |
aoc-acars |
not scanned |
Airline operational communications applications using ACARS (IANA official) |
| 5916 |
tcp |
asus |
not scanned |
Independent Security Evaluators has reported multiple vulnerabilities in ASUS RT-AC66U Router, which can be exploited by malicious people to compromise a vulnerable device. The vulnerabilities are caused due to boundary errors within the Broadcom ACSD Wireless Channel Service component when handling the "autochannel" and "csscan" commands and can be exploited to cause stack-based buffer overflows by sending specially crafted requests to TCP port 5916.
References: [CVE-2013-4659], [SECUNIA-54314], [XFDB-86042], [EDB-27133]
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.
References: [CVE-2020-15635] |
| 5933 |
tcp |
trojan |
Premium scan |
NOSecure trojan |
| 5938 |
tcp |
applications |
Members scan |
TeamViewer remote desktop protocol uses ports 5938/TCP, 5939/TCP, 5353/UDP
DynGate
MAX RemoteManagement |
| 5939 |
tcp |
teamviewer |
not scanned |
TeamViewer remote desktop protocol uses ports 5938/TCP, 5939/TCP, 5353/UDP |
| 5947 |
tcp |
malware |
not scanned |
Backdoor.Win32.Mazben.es / Unauthenticated Open Proxy - the malware listens on random TCP ports, known 2608, 6751, 3087, 5947. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0377] |
| 5970 |
tcp |
applications |
not scanned |
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.
References: [CVE-2021-34690] |
| 5980 |
tcp |
applications |
not scanned |
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.
References: [CVE-2021-34690] |
| 5984 |
tcp,udp |
couchdb |
not scanned |
IANA registered for: CouchDB |
| 5985 |
tcp |
winrm |
Premium scan |
WinRM 2.0 (Microsoft Windows Remote Management) uses port 5985/tcp for HTTP and 5986/tcp for HTTPS by default.
IANA Registered for: WBEM WS-Management HTTP, registered 2006-11 |
| 5986 |
tcp |
winrm |
Premium scan |
WinRM 2.0 (Microsoft Windows Remote Management) uses port 5985/tcp for HTTP and 5986/tcp for HTTPS by default.
IANA registered for: WBEM WS-Management HTTP over TLS/SSL
|
| 5987 |
tcp,udp |
wbem-rmi |
not scanned |
WBEM RMI |
| 5988 |
tcp,udp |
wbem-http |
not scanned |
WBEM CIM-XML (HTTP), WBEM HTTP, Apple Remote Desktop |
| 5989 |
tcp,udp |
wbem-https |
not scanned |
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
References: [CVE-2021-21994]
WBEM CIM-XML (HTTPS), WBEM HTTPS (IANA official) |
| 5990 |
tcp,udp |
wbem-exp-https |
not scanned |
WBEM Export HTTPS |
| 5993 |
tcp,udp |
applications |
not scanned |
Remote Synchronization (GoldSync), Private game server
IANA registered for: DMTF WBEM CIM REST (TCP) |
| 5994 |
tcp |
rms-agent |
not scanned |
RMS Agent Listening Service (IANA official) |
| 5999 |
tcp,udp |
cvsup |
not scanned |
IANA registered for: CVSup |
| 6000 |
tcp |
trojan |
Premium scan |
Port used by W32.LoveGate.ak [Symantec-2004-072816-0947-99] mass-mailing worm. Uses its own SMTP engine. Affects Windows 2000, Windows NT, Windows Server 2003, Windows XP
The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the root, user, manager, administrator, and operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000.
References: [CVE-2007-3232] [BID-24452]
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References: [CVE-2000-0453] [BID-1235]
The Xper Connect broker listens to Port 6000/TCP by default. By sending an HTTP request outside the bounds of the buffer to Port 6000/TCP, an attacker can cause a heap-based buffer resulting in loss of confidentiality, integrity, and availability.
References: [CVE-2013-2808], [SECUNIA-55152]
MobaXterm could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to authenticate remote X11 connections over port 6000. By connecting to the server, an attacker could exploit this vulnerability to inject X11 commands on the system with the privileges of the victim.
References: [CVE-2015-7244] [XFDB-107748]
Trojans using this port: The Thing, Aladino, NetBus, APStrojan. |
| 6000 |
udp |
games |
not scanned |
Burnout Paradise (PS3), developer: Criterion Games |
| 6003 |
tcp,udp |
applications |
not scanned |
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, a.k.a. Oracle reference number 6296175.
References: [CVE-2007-5561]
Port is also IANA registered for X Windows System |
| 6004 |
tcp,udp |
applications |
not scanned |
Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.
References: [CVE-1999-1566]
Port is also IANA registered for X Windows System |
| 6005 |
tcp |
applications |
not scanned |
Camfrog, developer: Camshare LLC
Default for BMC Software Control-M/Server - socket used for communication between Control-M processes - though often changed during installation |
| 6006 |
tcp |
trojans |
Premium scan |
Trojans: Bad Blood, The Thing, APStrojan (TCP)
TalkSwitch also uses port 6006 (TCP/UDP)
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).
References: [CVE-2008-1293] [BID-28960] [SECUNIA-30099]
X Windows System (IANA official) |
| 6009 |
tcp |
applications |
not scanned |
JD Edwards EnterpriseOne ERP system JDENet messaging client listener |
| 6010 |
tcp,udp |
applications |
not scanned |
TalkSwitch uses ports 6010-6016
Campground Master also uses this port (TCP)
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
References: [CVE-2008-1483], [BID-28444]
Port is also IANA registered for X Windows System |
| 6011 |
tcp |
x11 |
not scanned |
X Window System (unofficial)
Citrix Command Center Server uses ports 1099 and 2014 TCP to communicate with High Availability (HA) servers. May also use port 6011 TCP when there is a firewall between the primary and secondary servers. |
| 6014 |
tcp,udp |
applications |
not scanned |
IBM DB2 is vulnerable to a denial of service, caused by an error in the kuddb2 process. By sending a specially-crafted packet to port 6014, a remote attacker could exploit this vulnerability to crash the process.
References: [CVE-2010-0472], [BID-38018]
Port is also IANA registered for X Windows System |
| 6016 |
tcp,udp |
applications |
not scanned |
TalkSwitch uses ports 6010-6016 |
| 6019 |
tcp |
trojan |
not scanned |
W32.IRCBot.BPP [Symantec-2007-030713-4246-99] (2007.03.07) - a Trojan horse that opens a back door to a remote IRC server and creates a spam email relay.
Port is also IANA registered for X Windows System |
| 6020 |
tcp,udp |
applications |
not scanned |
TalkSwitch uses ports 6020-6026 |
| 6024 |
udp |
applications |
not scanned |
Tigermeeting Android client discovery |
| 6025 |
udp |
applications |
not scanned |
Tigermeeting Android client discovery |
| 6026 |
tcp,udp |
applications |
not scanned |
TalkSwitch uses ports 6020-6026
Tigermeeting Android client discovery (TCP) |
| 6030 |
tcp,udp |
applications |
not scanned |
TalkSwitch uses ports 6030-6036
Tigermeeting Android client discovery (UDP)
|
| 6031 |
udp |
applications |
not scanned |
Tigermeeting Android client discovery |
| 6036 |
tcp,udp |
applications |
not scanned |
TalkSwitch usesports 6030-6036 |
| 6050 |
tcp,udp |
x11 |
not scanned |
X Window System, ARCserve agent, Brightstor Arcserve Backup, Nortel Software
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.
References: [CVE-2005-1018] [BID-13102]
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
References: [CVE-1999-1049] |
| 6051 |
tcp,udp |
x11 |
not scanned |
X Window System, Brightstor Arcserve Backup
Backdoor.Win32.Zdemon.10 / Unauthenticated Remote Command Execution - Zdemon malware listens on TCP ports 31556, 6051. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0313] |
| 6060 |
tcp |
x11 |
Premium scan |
Ethersphere Swarm (distributed storage and communication system) uses these ports:
6060, 6831 tcp - pprof debugging http server
8500, 8545 tcp - web access http api
X Windows System, Sipru
Malicious services using this port: W32.Lovgate, W32.Spybot |
| 6061 |
tcp |
applications |
not scanned |
Cisco Meeting Server 2.x H.323 Gateway uses port 6061 by default.
Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061.
References: [CVE-2007-5209]
Port is also IANA registered for X Windows System |
| 6068 |
tcp |
gsmp-ancp |
not scanned |
GSMP/ANCP [RFC6320] (IANA official) |
| 6070 |
tcp,udp |
applications |
not scanned |
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port 6070 or 6050.
References: [CVE-2005-1272], [BID-14453]
Port is also IANA registered for Messageasap |
| 6071 |
tcp |
ssdtp |
not scanned |
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
References: [CVE-2006-5143] [BID-20365] [SECUNIA-22285]
SSDTP (IANA official) |
| 6072 |
tcp,udp |
diagnose-proc |
not scanned |
iOperator Protocol Signal Port (TCP)
IANA registered for: DIAGNOSE-PROC |
| 6073 |
tcp,udp |
games |
not scanned |
Age of Empires, Age of Mythology, Star Wars Galactic Battlegrounds, Baldurs Gate, Flight Simulator 2004 (UDP), Operation Flashpoint (UDP), Sudden Strike II (UDP), Homeworld 2, Sacrifice |
| 6075 |
tcp |
dpm-acm |
not scanned |
Microsoft DPM Access Control Manager |
| 6076 |
tcp |
msft-dpm-cert |
not scanned |
Microsoft DPM WCF Certificates [Microsoft Corporation] (IANA official) |
| 6077 |
tcp |
iconstructsrv |
not scanned |
iConstruct Server [iConstruct_Aus_Pty_Ltd] (IANA official) |
| 6080 |
tcp |
applications |
Premium scan |
noVNC uses TCP port 6080 (console URL), TCP ports 80 or 443 (Horizon GUI), and ports 5900+
PSI Webhosting, BridgeChannel
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080.
References: [CVE-2008-1914], [BID-28795] |
| 6080 |
udp |
gue |
not scanned |
IANA registered for Generic UDP Encapsulation (UDP) |
| 6081 |
tcp |
trojans |
not scanned |
Trojan.Gpcoder.E [Symantec-2007-071711-3132-99] (2007.07.17) - a trojan horse that encrypts files and then prompts the user to purchase a password in order to decrypt them. |
| 6081 |
udp |
geneve |
not scanned |
Virtualization Encapsulation (Geneve) (IANA official) |
| 6082 |
udp |
p25cai |
not scanned |
Interface - UDP encapsulation |
| 6083 |
udp |
miami-bcast |
not scanned |
IANA registered for: Telecomsoftware Miami Broadcast |
| 6084 |
tcp |
reload-config |
not scanned |
Peer to Peer Infrastructure Configuration (IANA official) [RFC 6940] |
| 6086 |
tcp,udp |
pdtp |
not scanned |
IANA registered for: PDTP P2P |
| 6088 |
tcp |
doglms |
not scanned |
SuperDog License Manager [SafeNet] (IANA official) |
| 6088 |
udp |
doglms-notify |
not scanned |
SuperDog License Manager Notifier [SafeNet] (IANA official) |
| 6090 |
tcp |
smartbear |
not scanned |
SmartBear uses ports 6090-6092 for TestComplete software, and port 1947 tcp/udp for license manager. It also needs access to port 443 for activation. |
| 6091 |
tcp |
smartbear |
not scanned |
SmartBear uses ports 6090-6092 for TestComplete software, and port 1947 tcp/udp for license manager. It also needs access to port 443 for activation. |
| 6092 |
tcp |
smartbear |
not scanned |
SmartBear uses ports 6090-6092 for TestComplete software, and port 1947 tcp/udp for license manager. It also needs access to port 443 for activation. |
| 6095 |
tcp,udp |
games |
not scanned |
Ship Simulator 2008
A vulnerability in Citrix Provisioning Services can be exploited to compromise a vulnerable system. The vulnerability is caused due to an integer underflow error in Ardence.CMessageUtils.fromMgrString() within Manager.dll when the Stream Service component parses strings in incoming requests. This can be exploited to cause a stack-based buffer overflow via a specially crafted request containing an zero size value sent to UDP port 6095.
References: [SECUNIA-46162] |
| 6100 |
tcp,udp |
synchronet-db |
not scanned |
SynchroNet-db, Ventrilo, Vizrt System |
| 6101 |
tcp,udp |
synchronet-rtc |
not scanned |
SynchroNet-rtc, Backup Exec UNIX and 95/98/ME Aent, Veritas Backup Exec Advertiser |
| 6102 |
tcp,udp |
synchronet-upd |
not scanned |
SynchroNet-upd, Veritas Backup Exec Client |
| 6103 |
tcp,udp |
rets |
not scanned |
RETS, Veritas Backup Exec Remote Agent |
| 6105 |
tcp,udp |
primaserver |
not scanned |
Prima Server [Prima Designs System] (IANA official) |
| 6106 |
tcp,udp |
applications |
not scanned |
VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
References: [CVE-2005-0771]
MPS Server (TCP/UDP) [Prima Designs System] (IANA official) |
| 6107 |
tcp,udp |
etc-control |
not scanned |
ETC Control (IANA official) |
| 6110 |
tcp |
games |
not scanned |
Starcraft uses ports 6110-6120
IANA registered for: HP SoftBench CM (TCP/UDP) |
| 6111 |
tcp,udp |
spc |
not scanned |
IANA registered for: HP SoftBench Sub-Process Control |
| 6112 |
tcp |
games |
Premium scan |
Port used by Guild Wars, Supreme Commander, Club Penguin Disney online game for kids, Warcraft II and III (Blizzard Downloader). It also uses port 3724.
Red Ace Squadron Pro uses ports 6112 (TCP/UDP), developer: Small Rockets
Trojan.Flogash [Symantec-2007-062516-0650-99] (2007.06.25) - a trojan horse that steals sensitive information from the compromised computer
A remotely exploitable buffer overflow exists in the Common Desktop Environment (CDE) Subprocess Control Service (dtspcd). An attacker who successfully exploits this vulnerability can execute arbitrary code as root. dtspcd is typically configured to run on port 6112/tcp with root privileges.
References: [CVE-2001-0803], [BID-3517]
IANA registered for: Desk-Top Sub-Process Control Daemon (TCP/UDP) |
| 6112 |
udp |
games |
not scanned |
Rise of Nations: Rise Of Legends, Starcraft, Dawn of War - Warhammer 40k, Supreme Commander, Company Of Heroes |
| 6113 |
tcp |
games |
not scanned |
Port used by Club Penguin Disney online game for kids, Warcraft II and III (Blizzard Downloader). It also uses port 3724.
Red Ace Squadron Pro also uses port 6113 (TCP/UDP), developer: Small Rockets
IANA registered for: Daylite Server |
| 6114 |
tcp |
games |
not scanned |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 3724.
Red Ace Squadron Pro also uses port 6114 (TCP/UDP), developer: Small Rockets
IANA registered for: WRspice IPC Service. |
| 6115 |
tcp |
games |
not scanned |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 3724.
Red Ace Squadron Proalso uses port 6115 (TCP/UDP), developer: Small Rockets
IANA registered for: Xic IPC Service. |
| 6116 |
tcp |
games |
not scanned |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 3724.
IANA registered for: XicTools License Manager Service. |
| 6117 |
tcp |
games |
not scanned |
Port used by Daylite Touch Sync, Warcraft II and III (Blizzard Downloader). It also uses port 3724. |
| 6118 |
tcp |
games |
not scanned |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 3724. |
| 6118 |
udp |
tipc |
not scanned |
Transparent Inter Process Communication [Ericsson] (IANA official) |
| 6119 |
tcp |
games |
not scanned |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 3724. |
| 6120 |
tcp |
games |
not scanned |
Starcraft uses ports 6110-6120 |
| 6121 |
tcp |
spdy |
not scanned |
SPDY for a faster web, Ragnarok Online Server (TCP/UDP) |
| 6124 |
tcp,udp |
games |
not scanned |
Against Rome, developer: Independent Arts |
