Port(s) |
Protocol |
Service |
Scan level |
Description |
41523 |
tcp |
applications |
not scanned |
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
References: [CVE-2008-1979], [BID-28927]
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
References: [CVE-2006-5143] [BID-20365] [SECUNIA-22285] |
41524 |
udp |
ArcServe |
not scanned |
Arc Serve (looks for license violations)
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
References: [CVE-2005-0260] |
41626 |
tcp |
trojan |
Premium scan |
Shah trojan |
41666 |
tcp,udp |
trojan |
Premium scan |
Remote Boot trojan |
41794 |
tcp |
crestron-cip |
not scanned |
IANA registered for: Crestron Control Port |
41795 |
tcp,udp |
crestron-ctp |
not scanned |
IANA registered for: Crestron Terminal Port |
41796 |
tcp |
crestron-cips |
not scanned |
IANA registered for: Crestron Secure Control Port |
41797 |
tcp |
crestron-ctps |
not scanned |
IANA registered for: Crestron Secure Terminal Port |
41823 |
tcp,udp |
applications |
not scanned |
Murealm Client |
41934 |
tcp |
trojans |
Premium scan |
Backdoor.Ranky.C [Symantec-2003-102714-5526-99] (2003.10.27) - a trojan horse that runs as a proxy server. By default, the trojan opens TCP port 41934. |
41952 |
tcp,udp |
applications |
not scanned |
Tversity Media Player - this application uses port 41952 to download video, audio and/or music files from the Internet. You can run TVersity in PCs, as well as in Playstations, Nintendo Wii, and the Xbox 360.
BitTorrent also uses this port. |
42042-42051 |
tcp,udp |
voddler |
not scanned |
Voddler uses ports 42042-42051 and 50726. |
42100 |
tcp |
games |
not scanned |
Medal of Honor 2010 |
42172 |
tcp |
applications |
not scanned |
iTunes Radio streams |
42321 |
tcp |
trojans |
Premium scan |
Backdoor.Ranky.E [Symantec-2004-031918-5809-99] - a trojan horse that runs as a proxy server, opens TCP port 42321 by default. |
42424 |
tcp |
applications |
not scanned |
ASP.NET Session State, ASP.NET State Service |
42500 |
udp |
games |
not scanned |
Heroes of Might and Magic V |
42508 |
tcp,udp |
candp |
not scanned |
Computer Associates network discovery protocol |
42509 |
tcp,udp |
candrp |
not scanned |
Computer Associates discovery response |
42510 |
tcp,udp |
caerpc |
not scanned |
Computer Associates eTrust RPC |
42511 |
tcp |
inoculateit |
not scanned |
eTrust AV - default port for Computer Associates' eTrust antivirus, a.k.a InoculateIT. |
42557 |
tcp |
applications |
not scanned |
iTunes Radio streams |
42590 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42591 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42592 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42593 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42594 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42595 |
tcp,udp |
applications |
not scanned |
Glue - MakePro X |
42893 |
udp |
games |
not scanned |
Virtual Tennis, developer: Strangelite |
42999 |
tcp |
curiosity |
not scanned |
API endpoint for search application (IANA official) |
43000 |
tcp |
recvr-rc |
not scanned |
Receiver Remote Control [Research_Electronics_International] (IANA official) |
43000 |
udp |
recvr-rc-disc |
not scanned |
Receiver Remote Control Discovery [Research_Electronics_International] (IANA official) |
43034 |
tcp,udp |
applications |
not scanned |
LarmX.comâ„¢ database update mtr port |
43047 |
tcp |
applications |
Premium scan |
TheosMessenger, TheosNet-Admin uses these ports:
2500/tcp, 2501/tcp - listening for client connections
43047/tcp, 43048/tcp - service ports |
43048 |
tcp |
applications |
not scanned |
TheosMessenger, TheosNet-Admin uses these ports:
2500/tcp, 2501/tcp - listening for client connections
43047/tcp, 43048/tcp - service ports |
43188 |
tcp,udp |
reachout |
not scanned |
REACHOUT |
43189 |
tcp,udp |
ndm-agent-port |
not scanned |
NDM-AGENT-PORT |
43190 |
tcp,udp |
ip-provision |
not scanned |
IP-PROVISION |
43191 |
tcp |
noit-transport |
not scanned |
Reconnoiter Agent Data Transport |
43210 |
tcp |
trojan |
Premium scan |
Master's Paradise, Schoolbus 1.6 / 2.0 trojan horse
Octave network daemon
Shaper Automation Server Management [Shaper_Automation] (IANA official) |
43210 |
udp |
shaperai-disc |
not scanned |
Bombsquad game uses port 43210 UDP
Shaper Automation Server Management Discovery [Shaper_Automation] (IANA official) |
43287 |
tcp |
trojans |
Members scan |
W32.Mytob.KU@mm [Symantec-2005-101522-1102-99] - mass-mailing worm that uses its own SMTP engine, has backdoor capabilities, and lowers security settings on the compromised computer. Opens a backdoor and listens for remote commands on port 43287/tcp.
Also: W32.Mytob.KR@mm [Symantec-2005-101517-4223-99] variant. |
43438 |
udp |
hmip-routing |
not scanned |
IANA registered for: HmIP LAN Routing |
43439 |
tcp |
eq3-update |
not scanned |
EQ3 firmware update [eQ-3 AG] (IANA official) |
43439 |
udp |
eq3-config |
not scanned |
EQ3 discovery and configuration [eQ-3 AG] (IANA official) |
43440 |
tcp |
ew-mgmt |
not scanned |
Cisco EnergyWise Management |
43440 |
udp |
ew-disc-cmd |
not scanned |
Cisco EnergyWise Discovery and Command Flooding |
43441 |
tcp,udp |
ciscocsdb |
not scanned |
Cisco NetMgmt DB Ports [Cisco Systems] (IANA official) |
43594 |
tcp,udp |
applications |
not scanned |
Runescape Private Server |
43595 |
tcp |
applications |
not scanned |
RuneScape JAGGRAB servers |
43654 |
tcp |
viera |
not scanned |
Panasonic Viera cast may use the following ports: 80, 443, 43654, 48705 |
43690 |
udp |
applications |
not scanned |
Huawei EchoLife HG520c could allow a remote attacker to obtain sensitive information, caused by an error when processing packets. By sending specially-crafted packets to UDP port 43690, a remote attacker could exploit this vulnerability to obtain firmware version, IP addresses and other sensitive information.
References: [XFDB-57952], [BID-39650], [SECUNIA-39491] |
43720 |
udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
43900 |
tcp |
games |
not scanned |
PGA Championship Golf 2000 uses ports 43900-43910 |
43910 |
tcp |
games |
not scanned |
PGA Championship Golf 2000 uses ports 43900-43910 |
43958 |
tcp |
applications |
Members scan |
Serv-U FTP Server
Trojans that use this port:
Backdoor.ServU-based (AVP), Backdoor.ServU.B (Central Command), Troj/Vicwor-A, BKDR_ServU_ey |
43981 |
udp |
applications |
not scanned |
Netware IP, Vicar networks X10 mgmt |
44000 |
udp |
games |
not scanned |
Brothers in Arms: Road To Hill 30, Far Cry, Heroes of Might and Magic V, Rainbox Six 3: Raven Shield |
44000 |
tcp |
games |
not scanned |
PGA Championship Golf 2000 |
44003 |
tcp,udp |
applications |
not scanned |
MTA SA R1.0 |
44014 |
tcp,udp |
trojan |
not scanned |
Iani trojan |
44123 |
tcp |
z-wave-s |
not scanned |
Z-Wave Secure Tunnel [Sigma Designs Inc] (IANA official) |
44280 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
44323 |
udp |
pcp |
not scanned |
IANA registered for: Port Control Protocol |
44333 |
tcp,udp |
applications |
not scanned |
Kerio MailServer, Kerio Personal Firewall, and Kerio WinRoute Firewall are vulnerable to a denial of service attack. A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
44334 |
tcp,udp |
tiny firewall |
Members scan |
Remote administration port used by Tiny Personal Firewall, and Kerio Personal firewall.
There is a possible exploit in Kerio Personal Firewall using this port: SecuriTeam 5HP0A2AA1Y
Also Kerio personal firewall has hidden "Internal Traffic Rules" that allow for open ports not being displayed in the GUI.
A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
44337 |
tcp,udp |
applications |
not scanned |
Kerio MailServer, Kerio Personal Firewall, and Kerio WinRoute Firewall are vulnerable to a denial of service attack. A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.
References: [BID-13458], [CVE-2005-1063], [XFDB-20337] |
44390 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
44405 |
tcp,udp |
applications |
not scanned |
Mu Online |
44444 |
tcp |
trojan |
Members scan |
Prosiak trojan
Cognex DataMan Management Protocol [Cognex] (IANA official)
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.
References: [CVE-2013-3388] |
44445 |
tcp |
acronis-backup |
not scanned |
Acronis Backup Gateway service port (IANA registered)
Malware: W32.Kibuv |
44488 |
tcp,udp |
applications |
not scanned |
BackupStream |
44490 |
tcp,udp |
applications |
not scanned |
BAckNBiz |
44501 |
tcp |
kerio |
Members scan |
Port used by Kerio Personal Firewall pop-up blocking.
There is a script that sends information on this port about blocked pages. Also, reportedly Kerio personal firewall has "Internal traffic rules" for open ports not displayed in the GUI. |
44544 |
udp |
domiq |
not scanned |
DOMIQ Building Automation [DOMIQ Sp zoo] (IANA official) |
44575 |
tcp |
trojan |
Premium scan |
Exploiter trojan |
44600 |
udp |
asihpi |
not scanned |
IANA registered for: AudioScience HPI |
44624 |
udp |
games |
not scanned |
Virtual Tennis, developer: Strangelite |
44767 |
tcp,udp |
trojan |
not scanned |
School Bus trojan |
44818 |
tcp,udp |
ethernetip |
not scanned |
Rockwell Encapsulation
Cognex In-Signt (IANA official) uses these ports:
68 udp - DHCP In-Signt vision system only
502 tcp - Modbus
1069 tcp/udp - In-Sight
1070 tcp - machine status data
2222 udp - Ethernet IP
5753 tcp - audit message server
44818 tcp/udp - Ethernet IP
51069 tcp - In-Sight secure
IANA registered for EtherNet/IP messaging
Cisco IOS is vulnerable to a denial of service, caused by an error within the Common Industrial Protocol (CIP) feature when processing malicious packets. By sending specially-crafted IPv4 packets destined to TCP port 44818, a remote attacker could exploit this vulnerability to cause the device to reload.
References: [CVE-2015-0649], [XFDB-101804]
Rockwell Automation ControlLogix is vulnerable to a denial of service, caused by the improper validation of input being sent to the buffer. By sending a specially-crafted CIP message to TCP and UDP ports 2222 and 44818, a remote attacker could exploit this vulnerability to cause the CPU to stop logic execution and enter a denial of service.
References: [XFDB-81235]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
References: [CVE-2018-14829]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
References: [CVE-2018-14827]
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.
References: [CVE-2018-14821]
Tec4Data SmartCooler is vulnerable to a denial of service, caused by missing authentication for a critical function. By sending a specially crafted CIP packet to Port 44818, a remote attacker could exploit this vulnerability to cause a denial of service.
References: [CVE-2018-14796], [XFDB-150211] |
44900 |
tcp,udp |
m3da |
not scanned |
M3DA is used for efficient machine-to-machine communications [Eclipse Foundation] (IANA official) |
45000 |
tcp |
cisco-ids |
not scanned |
CiscoSecure IDS communication
Monitoring Protocol data transfer NSi AutoStore Status [Notable Solutions Inc] (IANA official) |
45000 |
udp |
games |
not scanned |
Brothers in Arms: Road To Hill 30, Heroes of Might and Magic V
Monitoring Protocol device, monitoring NSi AutoStore Status [Notable Solutions Inc] (IANA official) |
45001 |
udp |
games |
not scanned |
Brothers in Arms: Road To Hill 30 |
45001 |
tcp |
asmps |
not scanned |
Monitoring Protocol secure data transfer [Notable Solutions Inc] (IANA official) |
45002 |
tcp |
rs-status |
not scanned |
Redspeed Status Monitor (IANA official) |
45054 |
tcp,udp |
invision-ag |
not scanned |
InVision AG |
45092 |
tcp |
trojan |
Premium scan |
BackGate Kit |
45100 |
tcp,udp |
applications |
not scanned |
Limewire client magnet, Azureus |
45395 |
udp |
whatsapp |
not scanned |
WhatsApp uses these ports:
80, 443, 4244, 5222, 5223, 5228, 5242 TCP
50318, 59234 TCP/UDP
3478, 45395 UDP
|
45454 |
tcp |
trojan |
Premium scan |
Osiris trojan |
45456 |
tcp |
httptoolkit |
not scanned |
HTTP Toolkit (https://httptoolkit.tech) uses ports 45456/tcp and 45457/tcp as part of its internal communication and management API |
45457 |
tcp |
httptoolkit |
not scanned |
HTTP Toolkit (https://httptoolkit.tech) uses ports 45456/tcp and 45457/tcp as part of its internal communication and management API |
45514 |
tcp |
cloudcheck |
not scanned |
IANA registered for: ASSIA CloudCheck WiFi Management System |
45514 |
udp |
cloudcheck-ping |
not scanned |
IANA registered for: ASSIA CloudCheck WiFi Management keepalive |
45559 |
tcp |
trojan |
Premium scan |
Maniac rootkit trojan |
45631 |
tcp |
applications |
not scanned |
Air Video |
45632 |
tcp |
trojan |
Premium scan |
Little Witch trojan |
45672 |
tcp |
trojans |
Premium scan |
Backdoor.Delf.F [Symantec-2003-040117-4857-99] backdoor trojan that gives a hacker access to your computer. By default, it opens TCP ports 25226 and 45672. The existence of the file Svced.exe is an indication of a possible infection. |
45673 |
tcp |
trojans |
Premium scan |
Backdoor.Acropolis [Symantec-2001-021616-0142-99] remote access trojan, affects Windows, listens on TCP ports 32791, 45673. |