| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 15001 |
udp |
klnagent |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 15002 |
tcp |
onep-tls |
not scanned |
Open Network Environment TLS [Cisco_3] (IANA official) |
| 15012 |
tcp,udp |
applications |
not scanned |
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, 'istiod', is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.
References: [CVE-2022-23635] |
| 15017 |
tcp,udp |
applications |
not scanned |
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.
References: [CVE-2022-24726]
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.
References: [CVE-2022-39278] |
| 15064 |
tcp |
apps |
not scanned |
LogMeIn may use port 15064/tcp
Dameware (dwrcs.exe) may use this port
Ring Doorbell uses TCP ports 80, 443, 5228, 15064. In addition, it may use a random UDP port, and outbound TCP ports 7078, 9078, 9998, 9999, 15063
|
| 15077 |
tcp,udp |
applications |
not scanned |
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
References: [BID-5703], [CVE-2002-1501], [XFDB-10096] |
| 15078 |
tcp,udp |
applications |
not scanned |
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
References: [BID-5703], [CVE-2002-1501], [XFDB-10096] |
| 15092 |
tcp |
trojan |
not scanned |
Host Control trojan |
| 15101 |
tcp |
games |
not scanned |
Tribes 2, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3, Arcanum, PGA Championship Golf 2000 |
| 15104 |
tcp |
trojan |
not scanned |
Mstream trojan
Tribes 2 also uses this port. |
| 15111 |
udp |
ksnproxy |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 15118 |
tcp |
trojans |
Premium scan |
Dipnet (a.k.a. Oddbob) trojan. Exploits the Windows port 445 vulnerability (MS Security Bulletin [MS04-011]). Uses tcp ports 11768 and 15118. |
| 15118 |
udp |
v2g-secc |
not scanned |
IANA registered for: v2g Supply Equipment Communication Controller Discovery Protocol |
| 15152 |
tcp |
applications |
not scanned |
Exteel |
| 15200 |
tcp |
games |
not scanned |
Nascar 3, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3 |
| 15204 |
tcp |
games |
not scanned |
Tribes 2, Arcanum |
| 15206 |
tcp |
trojan |
Premium scan |
KiLo [Symantec-2003-021319-1815-99] trojan
Tribes 2 also uses this port.
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service.
References: [MVID-2022-0546] |
| 15207 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99]
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service.
References: [MVID-2022-0546] |
| 15210 |
udp |
trojan |
not scanned |
UDP remote shell backdoor server |
| 15213 |
tcp,udp |
games |
not scanned |
Original War |
| 15252 |
tcp,udp |
routers |
not scanned |
Port 15252/UDP used by MikroTik routers IP Cloud |
| 15300 |
tcp |
games |
not scanned |
Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum |
| 15345 |
tcp,udp |
xpilot |
not scanned |
IANA registered for: XPilot Contact |
| 15348 |
tcp |
trojans |
not scanned |
Backdoor.Bionet.404 [Symantec-2003-110416-1452-99] (2003.11.04) - a backdoor program that permits a remote attacker access on TCP port 15348. |
| 15367 |
tcp,udp |
games |
not scanned |
Aleph One, developer: Bungie Software |
| 15382 |
tcp |
trojan |
Premium scan |
SubZero trojan |
| 15400 |
udp |
games |
not scanned |
Homeworld |
| 15401 |
udp |
games |
not scanned |
Homeworld |
| 15425 |
tcp,udp |
trojan |
Premium scan |
Backdoor.Rohimafo [Symantec-2010-041308-3301-99] (2010.04.13) - a trojan horse that opens a back door and steals information from the compromised computer. It creates a proxy server on TCP port 15425.
IRLP - Internet Radio Linking Project (uses port 1545 tcp/udp) |
| 15432 |
tcp |
trojans |
Premium scan |
Backdoor.Cyn [Symantec-2002-083012-4557-99] (2002.08) - remote access trojan, affects all current Windows versions, listens on ports 15432 and 51234. |
| 15441 |
tcp,udp |
applications |
not scanned |
ZeroNet fileserver |
| 15485 |
tcp |
trojan |
Premium scan |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15486 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15500 |
tcp |
trojan |
Premium scan |
In Route to the Hell trojan
Nascar 3, Hoyle Online also use this port. |
| 15512 |
tcp |
trojan |
Premium scan |
Iani trojan |
| 15551 |
tcp |
trojan |
Premium scan |
In Route to the Hell trojan |
| 15553 |
tcp |
trojans |
not scanned |
Backdoor.Dewin [Symantec-2002-061211-5916-99] (2002.06.12) - allows a hacker to gain access to and remotely control an infected computer. The Trojan program is written in Microsoft Visual C++ and is compressed with PECompact. |
| 15555 |
tcp |
trojan |
Premium scan |
ICMIBC trojan |
| 15556 |
tcp,udp |
applications |
not scanned |
Jeex.EU Artesia (direct client-to-db.service) |
| 15567 |
udp |
applications |
not scanned |
Battlefield Vietnam server port |
| 15668 |
udp |
games |
not scanned |
Heroes of Might and Magic III, developer: New World Computing |
| 15670 |
tcp |
stomp |
not scanned |
Port sometimes used by STOMP (Simple/Streaming Text Oriented Messaging Protocol, a web version of AMQP, or MQTT). |
| 15672 |
tcp,udp |
applications |
not scanned |
360 Share, developer: 360share
RabbitMQ management plugin uses this port |
| 15674 |
tcp |
stomp |
not scanned |
STOMP (Simple/Streaming Text Oriented Messaging Protocol) standard port. STOMP is a web version of AMQP or MQTT |
| 15690 |
udp |
applications |
not scanned |
ASE Port, Battlefield Vietnam |
| 15695 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 15800 |
tcp |
games |
not scanned |
Tribes 2, Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum |
| 15802 |
tcp |
games |
not scanned |
Throne of Darkness |
| 15845 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 15852 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 15855 |
tcp |
trojans |
not scanned |
Trojan.Looksky [Symantec-2006-060512-1520-99] (2006.06.05) - a trojan horse that opens a back door and downloads files onto the compromised computer. The trojan also contains rootkit functionality. |
| 15858 |
tcp |
trojans |
Premium scan |
CDK trojan (ports 79, 15858) |
| 15963 |
tcp,udp |
applications |
not scanned |
Turkojan |
| 15998 |
udp |
2ping |
not scanned |
IANA registered for: 2ping Bi-Directional Ping Service |
| 15999 |
tcp |
programmar |
not scanned |
IANA registered for: ProGrammar Enterprise. |
| 16000 |
tcp,udp |
applications |
not scanned |
Motorhead Server, shroudBNC
Oracle WebCenter Content: Imaging (formerly known as Oracle Universal Content Management) (TCP). Port though often changed during installation.
Administration Server Access (IANA official)
|
| 16001 |
tcp |
fmsascon |
not scanned |
IANA registered for: Administration Server Connector. |
| 16002 |
tcp |
gsms |
not scanned |
IANA registered for: GoodSync Mediation Service |
| 16003 |
udp |
alfin |
not scanned |
IANA registered for: Automation and Control by REGULACE.ORG |
| 16010 |
tcp,udp |
applications |
not scanned |
Motorhead Server uses ports 16010-16030 |
| 16020 |
tcp |
jwpc |
not scanned |
Filemaker Java Web Publishing Core |
| 16021 |
tcp |
jwpc-bin |
not scanned |
Filemaker Java Web Publishing Core Binary |
| 16030 |
tcp,udp |
applications |
not scanned |
Motorhead Server uses ports 16010-16030 |
| 16057 |
tcp |
trojan |
Premium scan |
MoonPie trojan |
| 16080 |
tcp |
applications |
not scanned |
Mac OS X Server Web (HTTP) service with performance cache |
| 16102 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)
References: [CVE-2011-5124] |
| 16162 |
tcp |
solaris-audit |
not scanned |
Solaris Audit - secure remote audit log |
| 16200 |
tcp |
applications |
not scanned |
Oracle Universal Content Management Content Server
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
References: [CVE-2009-2874], [BID-36675] |
| 16250 |
udp |
applications |
not scanned |
Ghost Recon Advanced Warfighter is vulnerable to a denial of service, caused by a signedness error. By sending specially-crafted packets to UDP port 16250, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-60153], [BID-41459], [SECUNIA-40465] |
| 16250 |
tcp |
applications |
not scanned |
Oracle Universal Content Management Inbound Refinery |
| 16261 |
tcp,udp |
applications |
not scanned |
Project Zomboid multiplayer. Additional sequential ports used for each player connecting to server |
| 16286 |
tcp,udp |
applications |
not scanned |
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
References: [CVE-2001-1057], [BID-3120] |
| 16322 |
tcp |
trojans |
Premium scan |
Backdoor.Lastdoor [Symantec-2002-090517-3251-99] (2002.09.04) - remote access trojan. Affects all current Windows versions. |
| 16379 |
tcp |
applications |
not scanned |
Redis Cluster bus |
| 16384 |
udp |
connected |
not scanned |
Apple iChat AV (Audio RTP, RTCP; Video RTP, RTCP) uses ports 16384-16403
Verizon VoiceWing uses ports 16384-16392 (TCP/UDP)
Iron Mountain Digital online backup
Connected Corp (TCP/UDP) (IANA official) |
| 16385 |
udp |
applications |
not scanned |
Apple FaceTime, Apple Game Center (RTP/RTCP) |
| 16385 |
tcp |
rdgs |
not scanned |
Reliable Datagram Sockets (IANA official) |
| 16386 |
udp |
applications |
not scanned |
Apple FaceTime, Apple Game Center (RTP/RTCP) |
| 16387 |
udp |
applications |
not scanned |
Apple Game Center (RTP/RTCP) |
| 16389 |
tcp |
applications |
not scanned |
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.
References: [CVE-2017-9938], [BID-99539], [XFDB-128367] |
| 16392 |
tcp,udp |
applications |
not scanned |
Verizon VoiceWing uses ports 16384-16392 |
| 16393 |
udp |
applications |
not scanned |
Apple FaceTime (RTP/RTCP) uses ports 16393-16402 |
| 16402 |
udp |
applications |
not scanned |
Apple FaceTime (RTP/RTCP) uses ports 16393-16402 |
| 16403 |
udp |
applications |
not scanned |
Apple Game Center (RTP/RTCP) uses ports 16403-16472 |
| 16420 |
udp |
applications |
not scanned |
Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)
Apple Game Center also uses this port |
| 16464 |
tcp |
trojan |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16465 |
tcp |
trojan |
not scanned |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16470 |
tcp |
zeroaccess |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16471 |
tcp |
trojan |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
| 16484 |
tcp |
trojan |
not scanned |
Mosucker trojan |
| 16499 |
udp |
games |
not scanned |
Star Trek Armada II |
| 16514 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 16515 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
| 16523 |
tcp |
trojan |
Premium scan |
Back streets trojan |
| 16567 |
udp |
applications |
not scanned |
Default Battlefield 2 server port |
| 16638 |
udp |
games |
not scanned |
SWAT3 game |
| 16639 |
tcp |
games |
not scanned |
SWAT3 game |
| 16660 |
tcp |
trojan |
not scanned |
Stacheldraht (DDoS) |
| 16661 |
tcp |
trojans |
Premium scan |
Backdoor.Haxdoor.D [Symantec-2005-012411-2332-99] (2005.01.24) - backdoor trojan program. Also attempts to log key strokes and steal passwords. Listens on port 16661/tcp, opens two additional high random ports.
Backdoor.Haxdoor.E [Symantec-2005-080212-3505-99] (2005.08.01) - trojan that opens a backdoor on the compromised computer, logs keystrokes, steals passwords and drops rootkits that run in safe mode. Opens a backdoor on one or more of the following ports: 7080/tcp, 8008/tcp, or 16661/tcp.
|
| 16666 |
udp |
vtp |
not scanned |
Vidder Tunnel Protocol [Vidder Inc] (IANA official) |
Shortcuts