Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp ADB Android Debug Bridge
tcp personal-agent Personal Agent
tcp ServeMe [trojan] ServeMe
udp personal-agent Personal Agent
udp rplay rplay
tcp TR069 Router Remote Admin
Top IPs Scanning
Today Yesterday
141.98.11.154 (3255)141.98.11.154 (9972)
156.233.225.59 (1582)70.39.109.182 (7657)
45.200.149.215 (1540)103.211.200.104 (3754)
103.211.200.104 (1294)156.233.225.59 (3512)
154.213.187.6 (742)154.213.187.6 (2085)
185.224.128.17 (662)104.197.222.173 (1729)
43.158.213.246 (466)185.196.8.92 (1641)
5.175.236.44 (288)154.213.188.3 (1438)
78.128.114.22 (226)193.68.89.3 (1435)
80.64.30.17 (182)45.200.149.215 (1155)
Port diary mentions
URL
Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555tcp)
Does it matter if iptables isn't running on my honeypot?
User Comments
Submitted By Date
Comment
Josiah 2019-06-07 06:37:31
Default port for the Monyog software or I think Idera is renaming it "SQL Diagnostics for MySQL".
Johannes 2018-07-15 11:17:50
Port 5555 is used by the Android Debug Bridge. A feature that is usually turned off. But it has been discovered that some (in particular chinese) Android phones ship with it turned on. Also, during jailbreak, the ADB feature is sometimes turned on.
George 2013-09-11 12:14:55
Legitimate use of this port: Sun xFire servers (x4100, 4140, 4500, 4540) may use this port for out-of-band / ILOM remote control of the server with latest revisions of the ILOM firmware. However, this traffic would be sporadic and on an as-needed basis (hopefully people aren't using ILOM to log into servers for day-to-day work). One would also see HTTPS (443) traffic from the same IP's, to load the ILOM services pages and invoke the remote control functions.
2011-08-10 01:36:26
MS Dynamics CRM uses this port by default
Don Levinson 2004-09-08 06:30:35
We are seeing heavy target traffic on this port. Many of our machines are infected with bling.exe which is listed as non-malicious spyware, but it is acting like backdoor software from what I can see. Infection is seen with the files bling.exe and o. in the system32 directory on windows. Activity is TCP from an incrementing port on the infected PC to a fixed port of 5555 on the network target/master.
2003-08-21 19:33:01
Other programs that use port 5555: freeciv HP Omniback
CVE Links
CVE # Description
CVE-2013-6194 Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
CVE-2014-2623
CVE-2016-2005