| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 8400 |
tcp,udp |
cvd |
not scanned |
cvp, Commvault Unified Data Management
IANA registered for: cvd |
| 8401 |
tcp |
sqladmin |
not scanned |
Plesk sqladmin (Windows) uses port 8401/tcp |
| 8404 |
tcp |
svcloud |
not scanned |
Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports
SuperVault Cloud [Nine Technology LLC] (IANA official) |
| 8405 |
tcp |
svbackup |
not scanned |
SuperVault Backup [Nine Technology LLC] (IANA official) |
| 8415 |
tcp |
dlpx-sp |
not scanned |
Delphix Session Protocol [Delphix_Corp] (IANA official) |
| 8423 |
tcp |
aritts |
not scanned |
IANA registered for: Aristech text-to-speech server |
| 8432 |
tcp |
pgbackrest |
not scanned |
PostgreSQL Backup (IANA official) |
| 8433 |
udp |
aws-as2 |
not scanned |
Non Persistent Desktop and Application Streaming (IANA official) |
| 8442 |
tcp,udp |
cybro-a-bus |
not scanned |
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)
References: [CVE-2020-11631]
IANA registered for: CyBro A-bus Protocol |
| 8443 |
tcp |
applications |
Members scan |
Common alternative HTTPS port.
PCSync HTTPS (SSL), SW Soft Plesk Control Panel, Apache Tomcat SSL, iCal service (SSL), Cisco WaaS Central Manager (SSL administration port), Promise WebPAM SSL
Ubiquiti UniFi Controller uses these ports:
8080 tcp - http port for UAP to inform controller
8443 tcp - https port for controller GUI/API
8880 tcp - http portal redirect port (may also use ports 8881, 8882)
8843 tcp - https portal redirect port
3478 udp - STUN port (should be open at firewall)
Cisco WaaS Central Manager standard SSL administration port.
Cisco Spark application (Cisco Webex Teams services) uses these ports:
443, 8443 TCP - signaling
5004 TCP/UDP - media
33434 TCP/UDP - media port
Note: older versions of Cisco Webex Teams services may use these additional ports: 53, 123, 444 TCP and 33434-33598 UDP (SIP calls)
German Health Getwork (aka Gesundheitskarte) "Konnektor" uses ports 8443 and 9443.
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477
Wyze cameras use these ports:
80, 443 TCP/UDP - timelapse, cloud uploads, streaming data
8443 TCP - cloud api, server connection
123 TCP - time check
10001 TCP - P2P WiFi live streaming
10002 TCP - Firmware updates
22345 TCP - control, used when live streaming
Cyclops Blink Botnet uses these ports. The malware has targeted governments, WatchGuard firewalls, ASUS routers, etc., it is active as of March 2022, and it is believed to be operated by the Sandworm threat group linked to Russian intelligence. Cyclops Blink botnet malware uses the following TCP ports: 636, 989, 990, 992, 994, 995, 3269, 8443
Symantec Endpoint Protection Manager could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the SAP XML parser when processing XML data. By sending a specially-crafted request to TCP port 8443, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
References: [XFDB-91102], [EDB-31853], [EDB-31917]
Symantec Backup Exec System Recovery Manager could allow a remote attacker to upload arbitrary files, caused by an error in the FileUpload Class running on the Symantec LiveState Apache Tomcat server. A remote attacker could exploit this vulnerability using an HTTP POST request over port 8443 (TCP) to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable system with SYSTEM privileges.
References: [XFDB-40260]
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
References: [CVE-2021-22002] |
| 8444 |
tcp |
bitmessage |
not scanned |
Bitmessage p2p encrypted communication protocol uses this port by default
Chia |
| 8445 |
tcp |
copy |
not scanned |
Port for copy peer sync feature [Copy] (IANA official)
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
References: [CVE-2016-5306], [BID-91449], [XFDB-114609] |
| 8445 |
udp |
copy-disc |
not scanned |
Port for copy discovery [Copy] (IANA official) |
| 8448 |
tcp,udp |
matrix |
Premium scan |
Matrix protocol (open source decentralized real-time communication over IP) uses port 8448. |
| 8453 |
tcp |
applications |
not scanned |
EMC Data Protection Advisor could allow a remote attacker to execute arbitrary code on the system, caused by an error in the exposed EJBInvokerServlet servlet within the DPA_Illuminator.exe service. By sending a specially-crafted object to TCP ports 8090 or 8453, an attacker could exploit this vulnerability to execute arbitrary code NT AUTHORITY\SYSTEM privileges.
References: [XFDB-89534], [EDB-30211] |
| 8457 |
tcp |
nexentamv |
not scanned |
Nexenta Management GUI [Nexenta] (IANA official) |
| 8469 |
tcp,udp |
games |
not scanned |
Dyson Sphere Program (Game) with the multiplayer mod Nebula uses port 8469 |
| 8471 |
tcp,sctp |
pim-port |
not scanned |
PIM over Reliable Transport [IESG] [RFC 6559] (IANA official) |
| 8488 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 8489 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 8500 |
tcp |
Macromedia |
not scanned |
Ethersphere Swarm (distributed storage and communication system) uses these ports:
6060, 6831 tcp - pprof debugging http server
8500, 8545 tcp - web access http api
Macromedia ColdFusion MX Server (Edition 6) uses port 8500 to allow remote access as Web server
Rumble Fighter uses this ports 7000-8500 (TCP/UDP) |
| 8500 |
udp |
applications |
not scanned |
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, a.k.a. bug ID CSCsg60949.
References: [CVE-2007-1826], [CVE-2007-1834], [BID-23181], [SECUNIA-24690]
Port is also IANA registered for Flight Message Transfer Protocol |
| 8501 |
tcp |
cmtp-mgt |
not scanned |
DukesterX - default
Streamlit Open-source Python framework for machine learning and data science
CYTEL Message Transfer Management (IANA official) |
| 8501 |
udp |
cmtp-av |
not scanned |
CYTEL Message Transfer Audio and Video (IANA official) |
| 8502 |
tcp |
ftnmtp |
not scanned |
FTN Message Transfer Protocol (IANA official) |
| 8503 |
udp |
lsp-self-ping |
not scanned |
MPLS LSP Self-Ping (IANA official) |
| 8521 |
tcp |
njrat |
not scanned |
njRAT remote access malware - default port is 1177, may also use ports 8008 and 8521. |
| 8536 |
tcp |
malware |
not scanned |
Backdoor.Win32.Autocrat.b / Weak Hardcoded Credentials - the malware is packed with PeCompact, listens on TCP port 8536 and requires authentication. However, the password "autocrat" is weak and hardcoded within the PE file. Unpacking the executable, easily reveals the cleartext password.
References: [MVID-2022-0660] |
| 8543 |
tcp |
applications |
not scanned |
Ubiquiti Cloud Access uses the following ports:
80/tcp
3478/udp
8543/tcp
11143/tcp
MatrikonOPC could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to TCP port 8543 containing "dot dot" sequences (/../) when the Health Monitor service is running to view arbitrary files on the system.
References: [CVE-2013-0673] [XFDB-83858] [BID-59528]
|
| 8545 |
tcp |
json |
not scanned |
JSON RPC default port
Ethersphere Swarm (distributed storage and communication system) uses these ports:
6060, 6831 tcp - pprof debugging http server
8500, 8545 tcp - web access http api |
| 8546 |
tcp |
trojans |
Members scan |
Backdoor.Berbew [Symantec-2003-071616-0350-99] (2003.07.16) - a backdoor trojan horse that steals passwords, may open ports 7714 and 8546. |
| 8550 |
tcp,udp |
4psa |
not scanned |
Primary/Master 4PSA DNS Manager server - http://www.4psa.com/
Port is used for master/slave connection between servers, also uses ports 53 and 953 tcp/udp. |
| 8555 |
tcp |
applications |
not scanned |
Symantec DLP OCR Engine
Chia JSON-RPC server |
| 8563 |
tcp |
trojans |
Members scan |
W32.Zotob.H [Symantec-2005-081717-2017-99] (2005.08.17) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability ([MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 6667/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8563/tcp. |
| 8567 |
tcp,udp |
enc-tunnel |
not scanned |
EMIT tunneling protocol [Panasonic_Intranet_Panasonic_North_America_PEWLA] (IANA official) |
| 8585 |
tcp |
applications |
Premium scan |
inSpeak Communicator
MapleStory Game Server
Trojan.Dosvine (TCP) [Symantec-2010-033116-1305-99] (2010.03.31) - a trojan horse that may perform malicious activities on the compromised computer. |
| 8586 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8587 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8588 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8589 |
tcp |
applications |
not scanned |
MapleStory Game Server |
| 8594 |
tcp |
trojans |
Basic scan |
W32.Zotob.E [Symantec-2005-081615-4443-99] (2005.08.16) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8594/tcp. |
| 8601 |
tcp |
applications |
not scanned |
Wavestore CCTV protocol |
| 8602 |
tcp,udp |
applications |
not scanned |
XBConnect, Wavestore Notification protocol |
| 8609 |
udp |
canon-cpp-disc |
not scanned |
Canon Compact Printer Protocol Discovery [Canon Inc] (IANA official) |
| 8610 |
tcp,udp |
canon-mfnp |
not scanned |
Canon MFNP Service |
| 8611 |
tcp,udp |
canon-bjnp1 |
not scanned |
Canon BJNP Port 1 (IANA official) |
| 8612 |
tcp,udp |
canon-bjnp2 |
not scanned |
Canon BJNP Port 2 (IANA official) |
| 8613 |
tcp,udp |
canon-bjnp3 |
not scanned |
Canon BJNP Port 3 (IANA official) |
| 8614 |
tcp,udp |
canon-bjnp4 |
not scanned |
Canon BJNP Port 4 (IANA official) |
| 8615 |
tcp |
imink |
not scanned |
Imink Service Control [Canon Inc] (IANA official) |
| 8642 |
tcp |
applications |
not scanned |
Lotus Traveller |
| 8665 |
tcp |
monetra |
not scanned |
Backdoor.Win32.Agent.aegg / Weak Hardcoded Credentials - the malware listens on TCP port 8665. Authentication is required, however the password "Xc 2870508" is weak and hardcoded within the PE file.
References: [MVID-2022-0571]
Monetra (IANA official) |
| 8666 |
tcp |
monetra-admin |
not scanned |
IANA registered for: Monetra Administrative Access |
| 8667 |
tcp |
applications |
not scanned |
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
References: [CVE-2018-10201], [EDB-44497] |
| 8668 |
tcp |
spartan |
not scanned |
Spartan management (IANA official) |
| 8675 |
tcp |
msi-cps-rm |
not scanned |
Motorola Solutions Customer Programming Software for Radio Management [Motorola Solutions Inc](IANA official) |
| 8675 |
udp |
msi-cps-rm-disc |
not scanned |
Motorola Solutions Customer Programming Software for Radio Management Discovery [Motorola Solutions Inc] (IANA official) |
| 8685 |
tcp |
trojan |
Premium scan |
Unin68 trojan |
| 8688 |
tcp |
openremote-ctrl |
not scanned |
OpenRemote Controller HTTP/REST [OpenRemote_Inc] (IANA official) |
| 8691 |
tcp |
applications |
not scanned |
Ultra Fractal default server port for distributing calculations over network computers |
| 8701 |
tcp |
applications |
not scanned |
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.
References: [CVE-2016-2231], [XFDB-110727] |
| 8701 |
udp |
applications |
not scanned |
SoftPerfect Bandwidth Manager |
| 8702 |
udp |
applications |
not scanned |
SoftPerfect Bandwidth Manager |
| 8710 |
tcp |
semi-grpc |
not scanned |
IANA registered for: gRPC for SEMI Standards implementations |
| 8711 |
tcp |
nvc |
not scanned |
Nuance Voice Control [Nuance Communications Inc] (IANA official) |
| 8719 |
tcp |
trojans |
Premium scan |
Backdoor.WinShell.50 [Symantec-2003-080611-0047-99] - remote access trojan, affects all current Windows versions, listens on port 8719. It is an earlier variant of Backdoor.WinShell.50.b [Symantec-2003-081110-5211-99] (port 39581) and usually packed along with Trojan.Stealther.B [Symantec-2003-080716-1231-99]. |
| 8720 |
tcp |
trojan |
Premium scan |
Connection trojan |
| 8728 |
tcp |
mikrotik |
not scanned |
MikroTik RouterOS uses the following ports:
5678/udp - Mikrotik Neighbor Discovery Protocol
6343/tcp - Default OpenFlow port
8080/tcp - HTTP Web Proxy
8291/tcp - Winbox GUI
8728/tcp - API
8729/tcp - API-SSL
20561/udp - MAC Winbox GUI |
| 8729 |
tcp |
mikrotik |
not scanned |
MikroTik RouterOS uses the following ports:
5678/udp - Mikrotik Neighbor Discovery Protocol
6343/tcp - Default OpenFlow port
8080/tcp - HTTP Web Proxy
8291/tcp - Winbox GUI
8728/tcp - API
8729/tcp - API-SSL
20561/udp - MAC Winbox GUI |
| 8732 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 8732 |
udp |
dtp-net |
not scanned |
DASGIP Net Services |
| 8734 |
tcp |
trojan |
Premium scan |
AutoSpY trojan |
| 8750 |
tcp |
dey-keyneg |
not scanned |
DEY Storage Key Negotiation - DEY Storage Systems Inc (IANA official) |
| 8765 |
tcp,udp |
ultraseek-http |
not scanned |
Default port of a local GUN relay peer that the Internet Archive and others use as a decentralized mirror for censorship resistance.
IANA registered for: Ultraseek HTTP |
| 8766 |
tcp,udp |
amcs |
not scanned |
Agilent Connectivity Service - Agilent Technologies Inc (IANA official)
Breach game (UDP) |
| 8767 |
udp |
teamspeak |
Premium scan |
Teamspeak 2 default server port (configurable in server.ini). Program can also use port 51234 for server queries, and port 80/tcp or 14534/tcp for administration. For TS3, see ports 9987/udp, 10011/tcp, 30033/tcp. |
| 8767 |
tcp |
core-of-source |
not scanned |
Online mobile multiplayer game (IANA official) |
| 8768 |
tcp |
sandpolis |
not scanned |
Sandpolis Server (IANA official) |
| 8768 |
udp |
applications |
not scanned |
TeamSpeak—alternate |
| 8769 |
tcp |
oktaauthenticat |
not scanned |
IANA registered for: Okta MultiPlatform Access Mgmt for Cloud Svcs |
| 8777 |
udp |
games |
not scanned |
Astroneer (UDP) server
America's Army
Deus Ex (TCP/UDP)
Rainbow Six
Raven Shield: Athena Sword (TCP/UDP)
Unreal Tournament (TCP/UDP)
America's Army is vulnerable to a denial of service, caused by the improper handling of multiple players joining the server. By sending specially-crafted packets to UDP port 8777, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-52458] [BID-35749] |
| 8778 |
tcp |
uec |
not scanned |
EPOS Speech Synthesis System
Stonebranch Universal Enterprise Controller (IANA official) |
| 8787 |
tcp |
trojan |
Premium scan |
Back Orifice 2000 (BO2K) trojan |
| 8800 |
tcp |
address book |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later)
Sun Java System Web Server could allow a remote attacker to execute arbitrary code on the system, caused by a format string error in the WebDAV functionality. By sending a specially-crafted HTTP request on TCP port 8800 containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the webservd process to crash.
References: [XFDB-55812], [BID-37910] |
| 8801 |
tcp,udp |
zoom |
not scanned |
Zoom Video Conferencing uses these ports:
TCP: 80,443, 8801, 8802 - Zoom clients to Zoom meetings outbound connections.
UDP 3478, 3479, 8801-8810 Zoom meetings
Zoom Phone also uses outbound ports 390/tcp and 5091/tcp |
| 8802 |
tcp,udp |
zoom |
not scanned |
Zoom Video Conferencing uses these ports:
TCP: 80,443, 8801, 8802 - Zoom clients to Zoom meetings outbound connections.
UDP 3478, 3479, 8801-8810 Zoom meetings
Zoom Phone also uses outbound ports 390/tcp and 5091/tcp |
| 8805 |
udp |
pfcp |
not scanned |
IANA registered for: Destination Port number for PFCP |
| 8807 |
udp |
hes-clip |
not scanned |
IANA registered for: HES-CLIP Interoperability protocol |
| 8808 |
udp |
ssports-bcast |
not scanned |
IANA registered for: STATSports Broadcast Service |
| 8809 |
udp |
3gpp-monp |
not scanned |
IANA registered for: MCPTT Off-Network Protocol (MONP) |
| 8811 |
tcp |
trojans |
Premium scan |
Backdoor.Fearic [Symantec-2002-080710-2744-99] (2002.08.07) - remote access trojan, affects all current Windows versions, opens ports 2000, 3456, 8811.
Backdoor.Monator [Symantec-2003-041712-0735-99] (2003.04.17) - a backdoor trojan that gives a hacker full access to your computer. By default it opens port 8811 for listening. |
| 8812 |
tcp |
trojan |
Premium scan |
FraggleRock Lite trojan |
| 8821 |
tcp |
trojan |
Premium scan |
Alicia trojan
Apple Final Cut Server also uses this port. |
| 8834 |
tcp,udp |
applications |
not scanned |
Nessus web |
| 8840 |
tcp |
applications |
not scanned |
Opera Unite server |
| 8843 |
tcp |
apple |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later)
UniFi Controller uses these ports:
8080 tcp - http port for UAP to inform controller
8443 tcp - https port for controller GUI/API
8880 tcp - http portal redirect port (may also use ports 8881, 8882)
8843 tcp - https portal redirect port
3478 udp - STUN port |
| 8848 |
tcp |
trojan |
Premium scan |
Backdoor.Binghe [Symantec-2005-030215-5059-99] (2005.03.02) - a back door Trojan horse program that allows unauthorized access to a compromised computer. The trojan logs keystrokes, steals information, and has ability to execute programs. Opens a back door on TCP ports 8848 and 8379, and UDP port 8379.
Whirlpool trojan also uses this port |
| 8848 |
udp |
messoa |
not scanned |
Port 8848 UDP is used by MESSOA IP cameras as a heartbeat. Every few seconds they send a small comma separated string: $MessoaIPCamera,ipaddress,subnetmask,macaddress,port
Backdoor.Win32.Whirlpool.10 / Remote Stack Buffer Overflow - Whirlpool listens on UDP Datagram ports 8848 and 8864. Sending a 192 byte payload to port 8864 triggers a stack buffer overflow overwriting both EIP and SEH. This can allow third party attackers to compromise the backdoor malware.
References: [MVID-2021-0038] |
| 8864 |
tcp |
trojan |
Premium scan |
Whirlpool trojan |
| 8864 |
udp |
malware |
not scanned |
Backdoor.Win32.Whirlpool.10 / Remote Stack Buffer Overflow - Whirlpool listens on UDP Datagram ports 8848 and 8864. Sending a 192 byte payload to port 8864 triggers a stack buffer overflow overwriting both EIP and SEH. This can allow third party attackers to compromise the backdoor malware.
References: [MVID-2021-0038] |
