Port(s) |
Protocol |
Service |
Scan level |
Description |
22222 |
tcp |
multiple |
Members scan |
Fortnight to AWS
Redgate licensing client, Davis Instruments, WeatherLink IP
SolarEdge solar plant uses this port to upload data into their cloud.
Viasat (Swedish TV provider) routes traffic to digital boxes for digital TV through this port.
Hola VPN
Some trojans/backdoors use this port: Donald D1ck, G.R.O.B, Prosiak, Ruler, RUX The TIc.K
EasyEngine - CLI tool to manage WordPress Sites on Nginx server [rtCamp_Solutions_Private_Limited] (IANA official) |
22223 |
tcp |
trojan |
Premium scan |
RUX The TIc.K trojan |
22292 |
tcp |
trojan |
Premium scan |
ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for its 32-bit and 64-bit versions; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292 |
22306 |
tcp |
applications |
not scanned |
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to ports 12345 and 22306, and access sensitive information from the device.
References: [CVE-2018-16224] |
22311 |
tcp |
trojans |
Premium scan |
Backdoor.Simali [Symantec-2003-042414-3952-99] - remote access trojan, affects Windows, listens on port 22311 by default. Notifies attacker via email or ICQ. |
22333 |
tcp,udp |
showcockpit-net |
not scanned |
IANA registered for: ShowCockpit Networking |
22335 |
tcp |
shrewd-control |
not scanned |
Initium Labs Security and Automation Control (IANA official) |
22335 |
udp |
shrewd-stream |
not scanned |
Initium Labs Security and Automation Streaming (IANA official) |
22345 |
tcp |
applications |
Premium scan |
Wyze cameras use these ports:
80, 443 TCP/UDP - timelapse, cloud uploads, streaming data
8443 TCP - cloud api, server connection
123 TCP - time check
10001 TCP - P2P WiFi live streaming
10002 TCP - Firmware updates
22345 TCP - control, used when live streaming
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to log in to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).
References: [CVE-2019-9160] |
22347 |
tcp,udp |
wibukey |
not scanned |
Siemens Licensing Software for SICAM 230 is vulnerable to a heap-based buffer overflow. By sending a specially-crafted TCP packet to TCP port 22347, a remote attacker could overflow a buffer and execute arbitrary code on the system.
References: [CVE-2018-3991], [XFDB-156948]
WibuKey Standard WkLan (IANA official) |
22349 |
tcp |
applications |
not scanned |
Wolfson Microelectronics, WISCEBridge Debug Protocol |
22350 |
tcp,udp |
codemeter |
not scanned |
Tom Clancy's Splinter Cell: Conviction uses ports 22350-22380, developer: Ubisoft Montreal
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
References: [CVE-2011-4057], [BID-51382]
CodeMeter Standard (IANA official) |
22380 |
tcp |
games |
not scanned |
Tom Clancy's Splinter Cell: Conviction uses ports 22350-22380, developer: Ubisoft Montreal |
22450 |
tcp,udp |
applications |
not scanned |
SiN |
22456 |
tcp |
trojans |
Premium scan |
Clandestine trojan
Backdoor.Bla.Trojan [Symantec-2000-121815-1846-99] - opens TCP ports 20331, 22456, 22457 by default. |
22457 |
tcp |
trojans |
Premium scan |
AcidShiver trojan
Backdoor.Bla.Trojan [Symantec-2000-121815-1846-99] - opens TCP ports 20331, 22456, 22457 by default. |
22537 |
tcp |
caldsoft-backup |
not scanned |
CaldSoft Backup server file transfer [CaldSoft] (IANA official) |
22554 |
tcp |
trojan |
Premium scan |
Schwindler trojan horse |
22555 |
udp |
vocaltec |
not scanned |
Port used by VocalTec Internet Phone. |
22556 |
tcp |
cryptocurrency |
Premium scan |
Dogecoin cryptocurrency uses port 22556.
Common cryptocurrency ports (TCP):
Bitcoin: 8333
Litecoin: 9333
Dash: 9999
Dogecoin: 22556
Ethereum: 30303 |
22609 |
tcp |
applications |
not scanned |
exacqVision |
22701 |
udp |
applications |
not scanned |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.
References: [CVE-2000-0830], [BID-1671] |
22703 |
tcp,udp |
webtv |
not scanned |
WebTV is vulnerable to a DoS exploit on this port that can reboot the machine. |
22705 |
udp |
applications |
not scanned |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.
References: [CVE-2000-0830], [BID-1671] |
22777 |
tcp |
worm |
not scanned |
W32.Spybot.ATZN [Symantec-2007-082821-0920-99] (2007.08.28) - a worm that spreads by exploiting system vulnerabilities |
22783 |
tcp |
trojan |
Premium scan |
Intruzzo trojan [Symantec-2002-051012-5520-99] |
22784 |
tcp |
trojans |
Premium scan |
Backdoor-ADM
Intruzzo trojan [Symantec-2002-051012-5520-99]
Backdoor.Renomb [Symantec-2002-090211-1409-99] (2002.09.02) - a backdoor trojan coded in Visual Basic that gives an attacker unauthorized access to an infected computer. By default it opens port 22784 on the compromised computer. |
22785 |
tcp |
trojan |
Premium scan |
Intruzzo trojan [Symantec-2002-051012-5520-99] |
22793 |
tcp |
vocaltec |
not scanned |
VocalTec Internet Phone - tcp connection to VocalTec servers on this port. |
22794 |
tcp |
applications |
not scanned |
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
References: [CVE-2009-2874], [BID-36675] |
22845 |
tcp |
trojan |
Premium scan |
Breach trojan |
22847 |
tcp |
trojan |
Premium scan |
Breach trojan |
23000 |
tcp |
trojan |
Premium scan |
Storm worm |
23000 |
udp |
applications |
not scanned |
Gamespy Port (for Internet games), Battlefield Vietnam, Fly For Fun (TCP/UDP) |
23001 |
tcp |
trojan |
Premium scan |
Storm worm |
23005 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
23006 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
23023 |
tcp |
trojan |
Premium scan |
Sometimes used as an alternate to the standard ssh port 23
Some TechniColor routers use this port for ssh using root/root as login
Logged trojan horse |
23032 |
tcp |
trojan |
Premium scan |
Amanda trojan |
23053 |
tcp |
gntp |
not scanned |
Generic Notification Transport Protocol [Growl Project] (IANA official) |
23073 |
tcp,udp |
games |
not scanned |
Soldat |
23083 |
tcp |
games |
not scanned |
Soldat |
23210 |
tcp,udp |
applications |
not scanned |
Gameday Payoff |
23213 |
tcp,udp |
applications |
not scanned |
PowWow VoIP IM chat program by Tribal Voice |
23214 |
tcp,udp |
applications |
not scanned |
PowWow by Tribal Voice |
23232 |
tcp |
trojan |
Premium scan |
Backdoor.Berbew.J trojan [Symantec-2004-082414-4142-99] - trojan that attempts to steal cached passwords and gather confidential user information by displaying fake windows. Opens a rootshell on port 23232/tcp and FTP server on port 32121/tcp. |
23272 |
udp |
s102 |
not scanned |
S102 application |
23294 |
tcp |
5afe-dir |
not scanned |
IANA registered for: 5AFE SDN Directory |
23294 |
udp |
5afe-disc |
not scanned |
IANA registered for: 5AFE SDN Directory discovery |
23321 |
tcp |
trojan |
Premium scan |
Konik trojan |
23399 |
tcp,udp |
applications |
not scanned |
Skype Default Protocol |
23401 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Alarm |
23402 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Global |
23432 |
tcp |
trojans |
Premium scan |
Backdoor.Asylum (05.2000) - remote access trojan, uses ports 81, 2343, 23432 by default. |
23435 |
tcp |
trojan |
Premium scan |
Backdoor.Frango [Symantec-2003-101816-5050-99] - a backdoor trojan horse that gives an attacker unauthorized access to a computer. Backdoor.Frango is packed by FSG. It notifies the attacker by ICQ and CGI requests and listens on port 23435 by default.
Trojan.Framar [Symantec-2003-120314-1133-99]
Backdoor.Volac [Symantec-2003-121108-2958-99] - a backdoor trojan horse server that allows unauthorized remote access to an infected system. |
23444 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445; sending a large string of junk chars causes stack corruption, overwriting the EDX register.
References: [MVID-2021-0035] |
23445 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445; sending a large string of junk chars causes stack corruption, overwriting the EDX register.
References: [MVID-2021-0035] |
23456 |
tcp |
trojans |
Members scan |
Common sequence of numbers "2 3 4 5 6" often used as default port by some programs and trojans.
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS)
Trojans/backdoors that use this port: Evil FTP, Ugly FTP, WhackJob
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
References: [CVE-2019-18382], [XFDB-170155]
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457; sending a large junk packet results in a buffer overflow that overwrites stack registers.
References: [MVID-2021-0066] |
23456 |
udp |
games |
not scanned |
Flight Simulator 2004 |
23457 |
tcp,udp |
games |
not scanned |
Deer Hunter 2004
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457; sending a large junk packet results in a buffer overflow that overwrites stack registers.
References: [MVID-2021-0066] |
23458 |
tcp |
applications |
not scanned |
Deer Hunter 2005 |
23472 |
tcp |
applications |
not scanned |
HP Diagnostics Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the magentservice.exe. By sending an overly long string to port 23472 TCP, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges or cause the application to crash.
References: [XFDB-72363], [BID-51398], [EDB-18423] |
23476 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to Back Orifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp. |
23477 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to Back Orifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp. |
23513 |
tcp,udp |
applications |
not scanned |
Duke Nukem Ports |
23523 |
tcp |
trojans |
Premium scan |
W32.Mytob.KM@mm [Symantec-2005-101214-2941-99] - a mass-mailing worm with backdoor capabilities, that also lowers security settings on the compromised computer. Opens a backdoor by connecting to rax.oucihax.info and listens for remote commands on port 23523/tcp. |
23546 |
tcp |
areaguard-neo |
not scanned |
AreaGuard Neo - WebServer [SODATSW spol] (IANA official) |
23556 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
23560 |
tcp |
prtg |
Premium scan |
Paessler PRTG Remote Probe uses port 2356.
Backdoor.Sparta.D [Symantec-2005-093012-4729-99] - backdoor trojan that can be controlled by a remote attacker via IRC channels, uses port 23560/tcp. |
23656 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
23666 |
tcp |
trojans |
Premium scan |
Backdoor.Beasty.F [Symantec-2003-040209-5622-99] - a trojan that allows for remote control, listens on TCP port 23666 on your computer. |
23732 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
23733 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
23756 |
tcp |
cisco |
not scanned |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
23777 |
tcp |
trojan |
Premium scan |
InetSpy |
24000 |
tcp |
trojans |
Premium scan |
Infector trojan (1999.04) - affects Windows 9x (ICQ). Uses ports 146, 1208, 17569, 24000, 30000
Apple med-ltp web service (with performance cache) uses the range 24000-24999/tcp. |
24004 |
tcp |
med-ovw |
not scanned |
EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004.
References: [CVE-2012-1810]
med-ovw (IANA official) |
24006 |
tcp |
applications |
not scanned |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006.
References: [CVE-2012-1811] |
24013 |
tcp,udp |
games |
not scanned |
Battle for the Universe, developer: Misty Software LLP |
24032 |
tcp,udp |
applications |
not scanned |
Cu-SeeMe White Pine |
24279 |
tcp |
med-ltp |
not scanned |
Apple web service with performance cache |
24289 |
tcp |
trojan |
Premium scan |
Backdoor.Latinus [Symantec-2002-060710-5206-99] - remote access trojan, affects Windows 9x/ME/NT/2k/XP, opens TCP port 11831/tcp for direct control, 29559/tcp for file transfer, may also use ports 21957/tcp, 24289/tcp, 29559/tcp. |
24307 |
tcp |
trojan |
Premium scan |
Wildek trojan |
24322 |
udp |
hid |
not scanned |
Transport of Human Interface Device data streams [Freebox_SAS] (IANA official) |
24323 |
tcp |
vrmg-ip |
not scanned |
IANA registered for: Verimag mobile class protocol over TCP |
24444 |
tcp,udp |
applications |
not scanned |
NetBeans integrated development environment |
24465 |
tcp,udp |
tonidods |
not scanned |
Tonido Directory Server for Tonido which is a Personal Web App and P2P platform (IANA official) |
24554 |
tcp,udp |
binkp |
not scanned |
Airburst - Freeverse Software
IANA registered for: BINKP |
24596 |
tcp,udp |
games |
not scanned |
Active Lancer, developer: De Software |
24666 |
tcp |
sdtvwcam |
not scanned |
Service used by SmarDTV to communicate between a CAM and a second screen application (IANA official) |
24676 |
tcp,udp |
canditv |
not scanned |
Canditv Message Service |
24681 |
tcp |
trojans |
Premium scan |
Backdoor.Lowtaper [Symantec-2004-101411-3637-99] - remote access trojan, affects Windows, uses ports 24681/tcp and 10104/udp |
24726 |
tcp |
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
24727 |
tcp |
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
24754 |
tcp |
cslg |
not scanned |
Citrix StorageLink Gateway |
24800 |
tcp,udp |
applications |
not scanned |
Synergy: keyboard/mouse sharing software |
24842 |
tcp,udp |
applications |
not scanned |
StepMania: Online: Dance Dance Revolution Simulator |
24850 |
udp |
assoc-disc |
not scanned |
Device Association Discovery [Microsoft Corporation] (IANA official) |
24960 |
tcp,udp |
applications |
not scanned |
CQPhone |
24961 |
tcp,udp |
applications |
not scanned |
CQPhone |