| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 35357 |
tcp |
openstack-id |
not scanned |
OpenStack ID Service [Rackspace Hosting] (IANA official) |
| 35555 |
udp |
trojan |
not scanned |
Trin00 (DDoS attack tools) a.k.a. Trinoo and tribe flood network (TFN) use these ports: 27665/tcp (master control port), 27444/udp, 34555/udp, 35555/udp. See also CERT: IN-99-07 |
| 35600 |
tcp |
trojan |
Premium scan |
SubSARI trojan [Symantec-2003-030315-2821-99] |
| 36183 |
tcp |
trojan |
Premium scan |
Backdoor.Lifefournow trojan [Symantec-2004-122817-3943-99] |
| 36311 |
tcp |
trojans |
Premium scan |
W32.Mytob.FX@mm [Symantec-2005-062313-5401-99] - mass-mailing worm that opens a backdoor and listens for remote commands on port 36311/tcp, also runs an FTP server on port 10099/tcp. |
| 36330 |
tcp |
applications |
not scanned |
Folding@home Control Port |
| 36412 |
sctp |
s1-control |
not scanned |
S1-Control Plane (3GPP) |
| 36422 |
sctp |
x2-control |
not scanned |
X2-Control Plane (3GPP) |
| 36423 |
sctp |
slmap |
not scanned |
SLm Interface Application Protocol (IANA official) |
| 36424 |
sctp |
nq-ap |
not scanned |
Nq and Nq' Application Protocol (IANA official) |
| 36443 |
sctp |
m2ap |
not scanned |
IANA registered for: M2 Application Part |
| 36444 |
sctp |
m3ap |
not scanned |
IANA registered for: M3 Application Part |
| 36462 |
sctp |
xw-control |
not scanned |
Xw-Control Plane (3GPP) (IANA official) |
| 36475 |
tcp,udp |
beebeep |
not scanned |
BeeBEEP - an open source, peer to peer, LAN chat messenger uses ports 6475/tcp (chat), 6476/tcp (file transfers) and 36475/udp. |
| 36524 |
tcp |
febooti-aw |
not scanned |
IANA registered for: Febooti Automation Workshop |
| 36567 |
tcp,udp |
games |
not scanned |
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp |
| 36794 |
tcp |
trojans |
Premium scan |
W32.Bugbear@mm [Symantec-2002-093007-2144-99] - mass-mailing worm, also spreading through network shares, affects Windows. The worm also attempts to terminate the processes of various antivirus and firewall programs and opens a backdoor service on port 36794. |
| 36963 |
udp |
applications |
not scanned |
Any of the USGN online games, most notably Counter Strike 2D multiplayer (2D clone of popular CounterStrike computer game) |
| 36987 |
tcp,udp |
robocode |
not scanned |
Robocode - an educational game, intended to help gamers learn Java programming. |
| 37000 |
udp |
applications |
not scanned |
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, a.k.a. Bug ID CSCsj47924.
References: [CVE-2009-2045] [SECUNIA-35542] |
| 37008 |
udp |
applications |
not scanned |
TZSP intrusion detection |
| 37020 |
udp |
applications |
Premium scan |
SADP (Search Active Device Protocol) - used by Hickvision software for service discovery of online IP cameras and NVRs.
SADP protocol is similar to WSD (Web Service Dynamic Discovery) and SSDP/UPnP (Simple Service Discovery Protocol/Universal Plug and Play). Hikvision SADP is subject to DDoS Reflection Amplification attack. |
| 37031 |
udp |
malware |
not scanned |
Trojan-Dropper.Win32.Delf.da / Remote Stack Buffer Overflow (UDP Datagram) - Delf.da malware listens on UDP port 37031. Adversaries who can reach the infected system can send a payload of just 999 bytes and trigger a classic stack buffer overflow. This will overwrite ECX and EIP stack registers potentially allowing control of the malwares execution flow.
References: [MVID-2021-0137] |
| 37215 |
tcp,udp |
applications |
not scanned |
Huawei HG532 routers could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the /icon/ path containing "dot dot" sequences (/../) in the port 37215 to view arbitrary files on the system.
References: [CVE-2015-7254], [XFDB-107944]
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
References: [CVE-2017-17215], [BID-102344] |
| 37237 |
tcp |
trojan |
Premium scan |
Mantis trojan |
| 37266 |
tcp |
trojan |
Premium scan |
The Killer Trojan |
| 37472 |
sctp |
3gpp-w1ap |
not scanned |
IANA registered for: W1 signalling transport |
| 37483 |
tcp |
gdrive-sync |
not scanned |
Google Drive Sync (IANA official) |
| 37651 |
tcp |
trojan |
Premium scan |
YAT |
| 37653 |
tcp |
trojan |
Premium scan |
YAT trojan |
| 37659 |
tcp |
applications |
not scanned |
Axence nVision |
| 37777 |
tcp |
applications |
not scanned |
QSee QC DVRs, QSee QC40198, QSee QC444, Digital Video Recorder hardware
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
References: [CVE-2013-6117]
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
References: [CVE-2017-6432], [XFDB-123213]
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
References: [CVE-2020-5736], [XFDB-179477]
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
References: [CVE-2020-5735], [XFDB-179480] |
| 37852 |
udp |
linkproof |
not scanned |
Radware LinkProof Content Mgmt |
| 37885 |
tcp |
malware |
not scanned |
Backdoor.Win32.Kwak.12 / Remote Command Execution - the backdoor runs an FTP server that listens on TCP port 37885. The malware is packed using UPX which is trivial to unpack by using upx -d command, after observe various FTP commands supported using strings util, we find one interesting string entry named "execute". Turns out this will let us execute any command on the infected machine. Third-party adversaries can add a persistent backdoor account on the infected system or run any command they wish. This is easily accomplished as the malware also suffers from a authentication bypass issue reference MVID-2021-0147.
References: [MVID-2021-0149]
Backdoor.Win32.Kwak.12 / Authentication Bypass - the backdoor runs an FTP server that listens on TCP port 37885. The program acts like a typical FTP server and prompts for logon. However, anyone can seemingly use any combination of username and password to logon to the system and run commands.
References: [MVID-2021-0147]
Backdoor.Win32.Kwak.12 / Remote Denial of Service - the backdoor runs an FTP server that listens on TCP port 37885. Attackers who can reach the infected host can send a payload of around 6500 bytes using socket program to cause an unknown internal exception to crash the malware.
References: [MVID-2021-0146] |
| 37892 |
tcp,udp |
applications |
not scanned |
devel/haddock 0.2 |
| 38080 |
tcp,udp |
applications |
not scanned |
hpcmips, JBoss Application Server |
| 38121 |
tcp,udp |
applications |
not scanned |
Squid - a caching proxy server for the Web supporting HTTP, HTTPS, FTP, Telnet and SSL. It reduces bandwidth and improves response times by caching repeated requests. Squid is free software, intended to run on Unix-like systems but it also runs on Windows-based systems.
Cabal Server Online also uses this port. |
| 38292 |
tcp |
applications |
not scanned |
Symantec AntiVirus Corporate Edition could allow a remote attacker to gain elevated privileges on the system, caused by a vulnerability in the Intel Alert Handler service (hndlrsvc.exe). By establishing a connection to TCP port 38292, a remote attacker could exploit this vulnerability to execute arbitrary commands on the system with SYSTEM-level privileges.
References: [BID-41959] |
| 38293 |
udp |
NortonAntiVirus |
not scanned |
Norton Anti-Virus host discovery |
| 38412 |
sctp |
ng-control |
not scanned |
IANA registered for: NG Control Plane (3GPP) |
| 38422 |
sctp |
xn-control |
not scanned |
IANA registered for: Xn Control Plane (3GPP) |
| 38462 |
sctp |
e1-interface |
not scanned |
IANA registered for: E1 signalling transport (3GPP) |
| 38472 |
sctp |
f1-control |
not scanned |
IANA registered for: F1 Control Plane (3GPP) |
| 38628 |
udp |
games |
not scanned |
Heroes of Might and Magic III, developer: New World Computing |
| 38638 |
tcp |
psqlmws |
not scanned |
Premier SQL Middleware Server (IANA official) |
| 38741 |
tcp |
trojan |
Premium scan |
CyberSpy trojan |
| 38742 |
tcp |
trojan |
Premium scan |
CyberSpy |
| 38800 |
tcp |
sruth |
not scanned |
Sruth is a service for the distribution of routinely- generated but arbitrary files based on a publish/subscribe distribution model and implemented using a peer-to-peer transport mechanism [University Corporation for Atmospheric Research] (IANA official) |
| 38865 |
tcp |
secrmmsafecopya |
not scanned |
Security approval process for use of the secRMM SafeCopy program [Squadra Technologies] (IANA official) |
| 38920 |
tcp |
applications |
not scanned |
RenderDoc is vulnerable to a heap-based buffer overflow, caused by an integer overflow in librenderdoc.so's server thread on TCP port 38920. By sending a specially crafted handshake packet using the client name parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.
References: [CVE-2023-33864], [XFDB-257286]
RenderDoc is vulnerable to a heap-based buffer overflow, caused by an integer overflow in librenderdoc.so's server thread on TCP port 38920. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
References: [CVE-2023-33863], [XFDB-257288]
|
| 39063 |
tcp |
vroa |
not scanned |
Children's hearing test/Telemedicine (IANA official) |
| 39300 |
udp |
applications |
not scanned |
America's Army is vulnerable to a denial of service, caused by the improper handling of queries. By sending a specially-crafted packet to UDP port 39300, a remote attacker could cause the server to enter into an error message loop and consume an overly large amount of CPU resources.
References: [XFDB-52459], [BID-35749] |
| 39500 |
tcp,udp |
applications |
not scanned |
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.
References: [CVE-2018-3918]
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.
References: [CVE-2018-3911] |
| 39507 |
tcp |
trojan |
Premium scan |
Busters trojan |
| 39581 |
tcp |
trojans |
Premium scan |
Backdoor.WinShell.50.b [Symantec-2003-081110-5211-99] - remote access trojan, affects Windows, listens on port 39581. It is a variant of Backdoor.WinShell.50 [Symantec-2003-080611-0047-99] (port 8719) and usually packed along with Trojan.Stealther.B [Symantec-2003-080716-1231-99]. |
| 39780 |
tcp |
trojans |
Premium scan |
Backdoor.Nibu.O [Symantec-2005-101017-0741-99] - a backdoor trojan that also runs a keylogger. Opens a backdoor and listens for remote commands on port 39780/tcp. Also logs information and sends captured keystrokes to predetermined websites/emails. |
| 39872 |
tcp,udp |
trojans |
not scanned |
Backdoor.Cuhmap [Symantec-2002-090617-5543-99] - a backdoor trojan horse that gives an attacker unauthorized access to an infected computer. By default it opens port 39872 on the compromised computer. |
| 39889 |
udp |
applications |
not scanned |
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
References: [CVE-2016-10178], [BID-95877] |
| 39999 |
tcp |
trojans |
Members scan |
Trojan.Mitglieder.C [Symantec-2004-012012-0813-99] - Mail Relay trojan, affects Windows, listens on port 39999/tcp. Opens a mail relay on your computer (allowing others to use it to send unsolicited commercial email). The Trojan also downloads and executes PWSteal.Ldpinch. |
| 39999 |
udp |
applications |
not scanned |
Symantec Endpoint Protection (SEP). Communication between the SEP clients and the Enforcer. This port is used for authentication of clients by the Enforcer.
Sygate Enforcer contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted UDP packet from source port 39999 to destination source port 39999 on the Enforcer system, and will result in loss of availability for the Enforcer system.
References: [CVE-2003-0931], [XFDB-16949] |
| 40000 |
tcp,udp |
safetynetp |
not scanned |
SafetyNET p Real-time Industrial Ethernet protocol (IANA official) |
| 40001-40046 |
tcp,udp |
microsoft |
not scanned |
Port range used by Microsoft, either for Windows Updates, Error Reporting, or Auth Check. Skype for desktop may also use some of these ports. |
| 40001 |
tcp |
aspera |
not scanned |
Aspera uses the following ports:
33001 tcp (SSH, older versions used port 22)
33001 udp (fasp)
40001 tcp (Aspera Central)
4406 tcp (outbound logging)
Aspera servers may also have to open a range of ports for concurrent transfers, e.g. 33002-33010 udp. HTTP and/or HTTPS ports 80 and 443 are used for the web ui. |
| 40010 |
tcp |
visualchart |
not scanned |
VisualChart (www.visualchart.com) uses port 40010/tcp by default. |
| 40023 |
udp |
k-patentssensor |
not scanned |
K-PatentsSensorInformation (IANA official) |
| 40071 |
tcp |
trojan |
Premium scan |
Ducktoy trojan |
| 40080 |
tcp,udp |
applications |
not scanned |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
References: [CVE-2015-7820]
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
References: [CVE-2015-7817] |
| 40116 |
tcp,udp |
applications |
not scanned |
GMPlayer - application uses port 40116 for downloading/upstreaming music, audio and/or video files from the Internet. |
| 40123 |
udp |
applications |
not scanned |
Flatcast |
| 40193 |
tcp,udp |
applications |
not scanned |
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
References: [CVE-2000-0669], [BID-1467] |
| 40308 |
tcp |
trojan |
Premium scan |
SubSARI trojan [Symantec-2003-030315-2821-99] |
| 40404 |
tcp |
trojans |
Members scan |
W32.Randex.DFJ [Symantec-2005-040512-3029-99] (2005.04.06) - network-aware worm that spreads via network shares exploiting weak passwords. Opens a backdoor on port 40404/tcp and connects to IRC server on the tunit.p2p.com.hk doman. It can be remotely controlled via IRC. |
| 40412 |
tcp |
trojan |
Premium scan |
The Spy trojan horse |
| 40421-40426 |
tcp |
trojans |
Premium scan |
Master's Paradise - remote access trojan, 03.1998. Affects Windows, uses ports 31, 3129, 40421-40426.
Port 40421/tcp also used by Agent 40421 trojan. Check port 30/tcp as well. |
| 40443 |
tcp,udp |
applications |
not scanned |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
References: [CVE-2015-7820]
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
References: [CVE-2015-7817] |
| 40444 |
udp |
games |
not scanned |
Nemesis Of The Roman Empire |
| 40445 |
tcp |
games |
not scanned |
Nemesis Of The Roman Empire |
| 40447 |
tcp,udp |
games |
not scanned |
Nemesis Of The Roman Empire |
| 40615 |
udp |
applications |
not scanned |
Monopoly Tycoon, developer: Deep Red |
| 40649 |
udp |
games |
not scanned |
Virtual Tennis, developer: Strangelite |
| 40815 |
tcp |
rapid7 |
not scanned |
Rapid7 Security uses these ports:
80/443/tcp - outbound traffic to rapid7.com for encrypted diagnostic information and updates
3780/tcp - HTTPS web interface access to the security console
40815/tcp - Rapid7 scan engine outbound communication with console |
| 40816 |
udp |
nitroshare |
not scanned |
NitroShare (cross-platform network file sharing application) uses port 40818/tcp for transfers and port 40816/udp for broadcasts. |
| 40818 |
tcp |
nitroshare |
not scanned |
NitroShare (cross-platform network file sharing application) uses port 40818/tcp for transfers and port 40816/udp for broadcasts. |
| 40843 |
tcp,udp |
csccfirewall |
not scanned |
CSCCFIREWALL |
| 40853 |
udp |
ortec-disc |
not scanned |
IANA registered for: ORTEC Service Discovery |
| 40999 |
tcp |
trojan |
Premium scan |
DiemsMutter trojan
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
References: [CVE-2015-7819] |
| 41001 |
tcp |
trojans |
Premium scan |
Backdoor.Pharvest [Symantec-2007-112311-2312-99] (2007.11.23) - a trojan that steals sensitive information from the compromised computer, opens port 41001/tcp. |
| 41005 |
|
games |
not scanned |
Far Cry |
| 41006 |
udp |
games |
not scanned |
Far Cry |
| 41013 |
tcp |
applications |
not scanned |
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than [CVE-2012-2607].
References: [CVE-2012-4026] |
| 41014 |
tcp |
|
not scanned |
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
References: [CVE-2012-2607] |
| 41025 |
tcp |
applications |
not scanned |
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
References: [CVE-2008-2158], [BID-29399] |
| 41121 |
tcp |
tentacle |
not scanned |
Tentacle Server |
| 41144 |
tcp |
teamspeak |
not scanned |
Teamspeak 3 default tsdns port.
TS3 uses the following ports:
9987 UDP (default voice port)
10011 TCP (default serverquery port)
30033 TCP (default filetransfer port)
41144 TCP (default tsdns port)
TS3 also connects to: accounting.teamspeak.com:2008 (TCP for license checks) and weblist.teamspeak.com:2010 (UDP). TS3 weblist also uses ports 2011-2110 (UDP out, first available port in range).
|
| 41170 |
tcp,udp |
applications |
not scanned |
Piolet |
| 41222 |
udp |
applications |
not scanned |
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162.
References: [CVE-2023-51571] |
| 41230 |
tcp |
z-wave-s |
not scanned |
Z-Wave Protocol over SSL/TLS (IANA official) |
| 41230 |
udp |
z-wave-s |
not scanned |
Z-Wave Protocol over DTLS (IANA official) |
| 41337 |
tcp |
trojan |
Premium scan |
Storm trojan |
| 41455 |
udp |
games |
not scanned |
MOTO GP 2 |
