Port(s) |
Protocol |
Service |
Scan level |
Description |
65111 |
tcp |
trojans |
Premium scan |
Backdoor.Microkos [Symantec-2005-081015-0341-99] (2005.08.10) - a trojan that opens a backdoor on the compromised computer. It listens for remote commands on port 65111/tcp, and can also open an additional backdoor on port 666/tcp. |
65112 |
tcp,udp |
tv-multicast |
not scanned |
Port used by One-to-One TV over IP Multicast. Used for IP-based multimedia "chunk streaming", extending the capability of multimedia streaming to provide every client with individual content over the Internet. |
65289 |
tcp |
trojan |
Premium scan |
yoyo trojan horse |
65301 |
tcp |
pcanywhere |
Premium scan |
Port used by PC Anywhere |
65390 |
tcp |
trojans |
Premium scan |
Xylo Eclypse trojan |
65421 |
tcp |
trojans |
Premium scan |
Alicia trojan, Jade trojan packed with neolite |
65422 |
tcp |
trojan |
Premium scan |
Alicia trojan horse |
65423 |
udp |
malware |
not scanned |
HackTool.Win32.Hidd.b / Remote Stack Buffer Overflow (UDP Datagram) - the malware listens on UDP ports 52810 and 65423. Third-party attackers who can reach an infected system can send a 479 byte payload to port 65423 and trigger a classic stack buffer overflow overwriting the EIP, ECX registers.
References: [MVID-2021-0318] |
65432 |
tcp |
trojans |
Premium scan |
The Traitor (th3tr41t0r) trojan uses ports 65432/tcp and 65532/udp |
65506 |
tcp |
trojans |
Premium scan |
Port 65506 is used by some trojans for a spam email relay.
PhatBot (a.k.a. Agobot, Gaobot) - most variants exploit the MS DCOM RPC vilnerability (MS Security Billetin [MS03-026]) and the RPC locator vulnerability (MS Security Bulletin [MS03-001]) to spread. Some variants scan port 65506 for a possible backdoor. |
65511 |
tcp |
applications |
not scanned |
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
References: [CVE-2011-3975] [BID-49916] |
65520 |
tcp |
virus |
not scanned |
W32.Virut.B [Symantec-2007-030116-3455-99] (2007.03.01) - a virus that infects executable files and opens a back door on the compromised computer |
65530 |
tcp |
trojan |
Members scan |
Backdoor.Mite [Symantec-2002-090309-2255-99] - remote access trojan with password-stealing capabilities, affects Windows. Opens a backdoor on port 61000/tcp. BD Windows Mite 1.0 variant listens on port 65530/tcp. |
65532 |
udp |
trojans |
Premium scan |
The Traitor (th3tr41t0r) trojan uses ports 65432/tcp and 65532/udp |
65534 |
tcp |
trojans |
Premium scan |
[trojan] /sbin/initd - reported on Linux hosts as a hacked backdoor along with tcp port 1049
Port also used by NetMeeting with H323 |
65535 |
tcp |
trojans |
Premium scan |
Trojans using this port: Adore, Sins, ShitHeep, RC trojan
Apple Xsan Filesystem Access uses the dynamic/private range 49152-65535 (TCP/UDP) as well. |
65535 |
udp |
games |
not scanned |
Lord of the Rings: Battle for Middle Earth 2, Dark Ages of Camelot, Final Fantasy XI (TCP/UDP)
Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
References: [CVE-2007-1674], [BID-23483] |