| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 7095 |
udp |
jdp-disc |
not scanned |
Java Discovery Protocol [OpenJDK] (IANA official) |
| 7099 |
udp |
applications |
not scanned |
City of Heroes, City of Villains, lazy-ptop, RealAudio |
| 7100 |
tcp,udp |
font-service |
Premium scan |
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References: [CVE-2002-1317] [BID-6241]
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.
References: [CVE-2018-10943]
Barco ClickShare is vulnerable to a denial of service. By sending a specially crafted string to TCP port 7100, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-141734]
X Font Service (IANA official)
UDP port range is also used by RealAudio and some games: Active Worlds, City of Heroes, City of Villains |
| 7101 |
tcp,udp |
elcn |
not scanned |
Embedded Light Control Network, RealAudio, Dungeon Fighter Online |
| 7102 |
tcp,udp |
games |
not scanned |
Dungeon Fighter Online, developer: Neople |
| 7103 |
udp |
applications |
not scanned |
RealAudio, Dungeon Fighter Online (TCP/UDP) |
| 7107 |
udp |
aes-x170 |
not scanned |
IANA registered for: AES-X170 |
| 7117 |
tcp |
rothaga |
not scanned |
IANA registered for: Encrypted chat and file transfer service |
| 7119 |
tcp |
trojan |
Premium scan |
Massaker trojan [Symantec-2003-011614-4100-99] |
| 7123 |
tcp |
applications |
not scanned |
Port used by RealAudio.
Also the default port for the "fakewww" web server used with NDT (Network Diagnostic Tool).
End-to-end TLS Relay Control Connection (IANA official) |
| 7125 |
udp |
applications |
not scanned |
StateMirrorClientToServer, RealAudio |
| 7126 |
udp |
applications |
not scanned |
RealAudio |
| 7127 |
udp |
applications |
not scanned |
RealAudio |
| 7128 |
tcp,udp |
scenidm |
Premium scan |
intelligent data manager, RealAudio
Trojan.Riler.F (TCP) [Symantec-2006-071812-3213-99] (2006.07.17) - a back door trojan horse that installs itself as a layered service provider (LSP), and allows a remote attacker to have unauthorized access to the compromised computer. It is dropped by Trojan.PPDropper.C. |
| 7131 |
tcp |
applications |
not scanned |
Ecava IntegraXor contains a directory traversal vulnerability. It runs a web service that listens on port 7131/tcp. A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.
References: [CVE-2010-4598], [BID-45535] |
| 7133 |
tcp |
applications |
not scanned |
Enemy Territory: Quake Wars |
| 7144 |
tcp |
applications |
not scanned |
PeerCast, EMC RepliStor, RealAudio
Rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144
References: [CVE-2009-3744], [BID-36738] |
| 7145 |
tcp |
applications |
not scanned |
Peercast |
| 7154 |
tcp |
worm |
not scanned |
W32.Adjunto.A@mm [Symantec-2007-012310-1934-99] (2007.01.22) - a mass-mailing worm that opens a back door on the compromised computer and also infects .exe files found on local and mapped drives.
W32.Tisandr.A@mm [Symantec-2007-071120-5049-99] (2007.07.11) - a mass mailing email worm that infects executable files in local drives.
Port is also used by RealAudio |
| 7158 |
tcp |
trojan |
Premium scan |
Lohoboyshik trojan |
| 7167 |
tcp |
casrmagent |
not scanned |
CA SRM Agent |
| 7168 |
tcp |
cnckadserver |
not scanned |
IANA registered for: cncKadServer DB & Inventory Services |
| 7169 |
tcp,udp |
ccag-pib |
not scanned |
Consequor Consulting Process Integration Bridge |
| 7170 |
tcp,udp |
nsrp |
not scanned |
Adaptive Name/Service Resolution
Descent 3 game also uses port 7170 (TCP). |
| 7171 |
tcp,udp |
drm-production |
not scanned |
Discovery and Retention Mgt Production, Otserv, Tibia |
| 7172 |
tcp |
metalbend |
not scanned |
Port used for MetalBend programmable interface [Micha_Ben_Efraim_4] (IANA official) |
| 7173 |
tcp |
zsecure |
not scanned |
IANA registered for: zSecure Server. |
| 7174 |
udp |
games |
not scanned |
Battle Realms |
| 7174 |
tcp |
upnp |
Premium scan |
Mini UPnP (ASUS WRT 3.0.04, UpnP 1.1) |
| 7175 |
tcp |
games |
not scanned |
Lord of the Rings: War of the Ring |
| 7175 |
udp |
games |
not scanned |
Battle Realms |
| 7176 |
udp |
applications |
not scanned |
QuickTime Streaming Server |
| 7177 |
udp |
games |
not scanned |
Battle Realms |
| 7181 |
udp |
janus-disc |
not scanned |
Janus Guidewire Enterprise Discovery Service Bus [Guidewire_Software_Inc] (IANA official) |
| 7200 |
tcp |
trojan |
Premium scan |
Massaker trojan [Symantec-2003-011614-4100-99] |
| 7201 |
tcp |
trojan |
Premium scan |
NetMonitor trojan horse (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor) |
| 7202 |
tcp |
pon-ictp |
not scanned |
IANA registered for: Inter-Channel Termination Protocol (ICTP) for multi-wavelength PON (Passive Optical Network) systems |
| 7210 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210.
References: [CVE-2010-1185], [BID-38769]
SAP MaxDB could allow a remote attacker to execute arbitrary commands on the system via port 7210 TCP, due to improper invocation of the cons.exe DATABASE COMMAND by the system function. By executing certain database commands followed by double ampersands (&&), an attacker could execute arbitrary shell commands on the affected system.
References: [XFDB-39573], [BID-27206] |
| 7215 |
tcp |
trojans |
Premium scan |
trojans: SubSeven, SubSeven 2.1 Gold, BackDoor-G [Symantec-2000-121907-4858-99]
IANA registered for: Communication ports for PaperStream Server services |
| 7216 |
tcp |
PS-Capture-Pro |
not scanned |
IANA registered for: PaperStream Capture Professional |
| 7222 |
udp |
worm-linux |
not scanned |
Linux.Plupii [Symantec-2005-110612-3334-99] (2005.11.06) - a worm with backdoor capabilities. Attempts exploiting several Linux web server related vulnerabilities. Opens a backdoor and listens for remote commands on port 7222/udp. |
| 7228 |
tcp |
citrixupp |
not scanned |
IANA registered for: Citrix Universal Printing Port |
| 7229 |
tcp |
citrixuppg |
not scanned |
IANA registered for: Citrix UPP Gateway |
| 7234 |
tcp |
applications |
not scanned |
WebSEAL, Knights of the Ruby Order, PokerTH Online, Player Worlds
IANA registered for: Traffic forwarding for Okta cloud |
| 7235 |
udp |
aspcoordination |
not scanned |
IANA registered for: ASP Coordination Protocol |
| 7236 |
tcp |
display |
not scanned |
Wi-Fi Alliance Wi-Fi Display Protocol [Wi-Fi Alliance] (IANA official) |
| 7237 |
tcp,udp |
applications |
not scanned |
Yugioh Virtual Desktop, developer: Xero Creative
IANA registered for: PADS (Public Area Display System) Server |
| 7238 |
tcp,udp |
applications |
not scanned |
Yugioh Virtual Desktop, developer: Xero Creative |
| 7239 |
tcp,udp |
applications |
not scanned |
Yugioh Virtual Desktop, developer: Xero Creative |
| 7242 |
tcp,udp |
games |
not scanned |
Railroad Tycoon II |
| 7244 |
tcp,udp |
frc-hicp |
not scanned |
IANA registered for: FrontRow Calypso Human Interface Control Protocol |
| 7262 |
tcp,udp |
cnap |
not scanned |
Calypso Network Access Protocol |
| 7269 |
tcp |
applications |
not scanned |
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (a.k.a. serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
References: [CVE-2003-0939] |
| 7273 |
tcp |
trojans |
Premium scan |
Backdoor.Xibo [Symantec-2003-120814-2004-99] (2003.12.08) - a backdoor trojan horse that opens TCP ports, allowing unauthorized access to an infected computer. The existence of the file servics.exe is an indication of a possible infection.
Port used by Dell OpenManage
Port is IANA registered for: OMA Roaming Location |
| 7274 |
tcp |
trojan |
Premium scan |
AutoSpY trojan |
| 7275 |
tcp,udp |
oma-ulp |
not scanned |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, UE crash is seen due to IPCMem exhaustion, when UDP data is pumped to UE's ULP (UserPlane Location protocol) UDP port 7275.
References: [CVE-2016-10416], [BID-103671]
IANA registered for: OMA UserPlane Location |
| 7279 |
tcp |
citrix |
not scanned |
Citrix vendor license server daemon port (IANA official). |
| 7283 |
tcp |
genstat |
not scanned |
General Statistics Rendezvous Protocol [VSN International Ltd] (IANA official) |
| 7290 |
tcp |
trojan |
Premium scan |
NOSecure trojan |
| 7291 |
tcp |
trojan |
Premium scan |
NOSecure trojan |
| 7292 |
udp |
applications |
not scanned |
QuickTime Streaming Server |
| 7300 |
tcp |
trojans |
Premium scan |
WinMagic SecureDoc Server uses port 7300 TCP by default.
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor)
Backdoor.Win32.Wollf.h / Hardcoded Cleartext Password - the malware listens on TCP port 7300 and runs with SYSTEM
integrity. Authentication is required for remote user access. However, the password "grish5800" is hardcoded within the executable. The malware is packed with UPX and exposes the cleartext credentials when decompressed.
References: [MVID-2021-0405] |
| 7301 |
tcp |
trojan |
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor) |
| 7302 |
tcp |
trojan |
not scanned |
NetMonitor/NetSpy trojan |
| 7303 |
tcp |
trojan |
not scanned |
NetMonitor/NetSpy trojan |
| 7304 |
tcp |
trojan |
not scanned |
NetMonitor/NetSpy trojan |
| 7305 |
tcp |
trojan |
not scanned |
NetMonitor/NetSpy trojan |
| 7306 |
tcp |
trojan |
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor)
Zimbra mysql [mailbox]
Backdoor.Win32.NetSpy.10 / Heap Corruption - the malware listens on TCP port 7306 and drops an executable named "SPYNOTIFY.EXE" under SysWOW64 dir. Third-party attackers who can reach the server can send a specially crafted payload causing a heap corruption overwriting EDX and EAX registers.
References: [MVID-2021-0235]
Backdoor.Win32.NetSpy.10 / Unauthenticated Remote Command Execution - the malware listens on TCP port 7306. Attackers who can reach infected hosts can run commands made available by the backdoor. Sending commands using Ncat and Telnet both fail with errors, probably don't like the linefeed chars, so need to write your own custom client. Example commands avail are put, mkd, exec and msg.
References: [MVID-2022-0551] |
| 7307 |
tcp |
trojan |
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor)
IANA registered for: Zimbra mysql [logger]. |
| 7308 |
tcp |
|
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor) |
| 7309 |
tcp |
trojan |
Premium scan |
NetMonitor/NetSpy trojan |
| 7312 |
tcp |
trojan |
Premium scan |
Yajing trojan |
| 7312 |
udp |
applications |
not scanned |
Sibelius License Server |
| 7323 |
tcp |
trojan |
Premium scan |
Sygate Backdoor |
| 7329 |
tcp |
trojans |
Premium scan |
Backdoor.Netshadow [Symantec-2005-020912-0845-99] (2005.02.09) - a trojan horse with backdoor capabilities. Listens on port 7329 by default (port configurable). |
| 7331 |
tcp,udp |
games |
not scanned |
Magicka game uses ports 7331, 27016 |
| 7339 |
tcp,udp |
swx |
not scanned |
Techboard/Syac DigiEye 3G could allow a remote attacker to execute arbitrary commands on the system, caused by an undocumented backdoor service listening on TCP port 7339. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
Refereces: [BID-68426], [OSVDB-108797], [XFDB-94710]
IANA registered for: The Swiss Exchange |
| 7351 |
tcp |
swx |
not scanned |
Swiss Exchange (IANA registered) |
| 7351 |
udp |
meraki |
not scanned |
Cisco Meraki appliances use port 7351 UDP
Swiss Exchange (IANA registered) |
| 7352 |
tcp,udp |
swx |
not scanned |
Virus.Win32.Shodi.e / Insecure Transit - the virus listens on TCP port 7352 and has a chat feature. Messages are passed in unencrypted plaintext across the network. Well positioned third-party attackers who can intercept traffic will have the ability to read all communications.
References: [MVID-2021-0279]
The Swiss Exchange (IANA official) |
| 7358 |
tcp,udp |
applications |
not scanned |
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
References: [BID-5833], [CVE-2002-1883], [XFDB-10227], [OSVDB-59888]
Port is also IANA registered for The Swiss Exchange |
| 7379 |
tcp |
webdis |
not scanned |
Webdis (HTTP web server interface to Redis) uses port 7379 TCP |
| 7390 |
tcp,udp |
applications |
not scanned |
The Swiss Exchange |
| 7396 |
tcp |
applications |
not scanned |
Web control interface for Folding@home v7.3.6 and later |
| 7400 |
tcp,udp |
rtps-discovery |
not scanned |
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.
References: [CVE-2018-0409], [BID-105102], [BID-105104]
IANA registered for: RTPS Discovery |
| 7401 |
tcp,udp |
rtps-dd-ut |
not scanned |
Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution - the malware listens on TCP port 7401. Third-party adversarys who can reach infected systems can issue commands made available by the backdoor. Call "exec" plus the program name, to launch the victims browser you add URL after exec and so forth.
References: [MVID-2022-0647]
RTPS Data-Distribution User-Traffic (IANA official) |
| 7402 |
tcp,udp |
rtps-dd-mt |
not scanned |
IANA registered for: RTPS Data-Distribution Meta-Traffic |
| 7410 |
tcp |
trojan |
Premium scan |
Backdoor.phoenix [Symantec-2002-091617-4242-99] |
| 7411 |
tcp,udp |
daqstream |
not scanned |
IANA registered for: Streaming of measurement data |
| 7420 |
udp |
ipluminary |
not scanned |
Multichannel real-time lighting control |
| 7423 |
udp |
readyshare |
not scanned |
Netgear routers are known to broadcast every 3 seconds to the LAN on UDP port 7423, related to USB Control Center and ReadyShare (even if readyshare is disabled).
USB ReadyShare print services
QuickTime Media Server
|
| 7424 |
tcp,udp |
trojan |
not scanned |
Host Control trojan |
| 7441 |
tcp |
trojans |
Premium scan |
Backdoor.MeteorShell [Symantec-2003-101407-2313-99] (2003.10.14) - a trojan horse that allows unauthorized access to an infected computer. This trojan opens TCP port 7441, by default. |
| 7443 |
tcp,udp |
applications |
not scanned |
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
References: [CVE-2021-22003] |
| 7444 |
tcp |
vmware |
not scanned |
VMware vCenter Single Sign On HTTPS Port |
| 7464 |
tcp,udp |
applications |
not scanned |
Python Documentation Server is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could create a specially-crafted URL containing malicious script to the server listening on port 7464, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked and an error page is returned.
References: [BID-7353] |
| 7471 |
tcp |
sttunnel |
not scanned |
Stateless Transport Tunneling Protocol (IANA official) |
| 7473 |
tcp,udp |
rise |
not scanned |
IANA registered for: Rise: The Vieneo Province |
| 7474 |
tcp |
neo4j |
not scanned |
Neo4j Graph Database - Neo Technology Inc (IANA official) |
| 7478 |
tcp |
openit |
not scanned |
IANA registered for: IT Asset Management
Default port used by Open iT Server |
