Port 60674: Unassigned — A Port With No Name

What This Port Actually Is

Port 60674 is not assigned to anything. The IANA—the Internet Assigned Numbers Authority that hands out port numbers—has never designated a purpose for it. It sits in the dynamic and ephemeral port range, which spans 49152 through 65535.¹

That range is the Internet's scratch paper. These ports are meant to be temporary. Your web browser uses them for outgoing connections. Your email client grabs one, uses it for a moment, then releases it back into the pool. Your operating system assigns them automatically, in sequence, as applications need them.

What That Range Means

The IANA divides port numbers into three categories:²

• System Ports (0-1023): Reserved for standard, well-known services. HTTP, SMTP, SSH, DNS. The core infrastructure.
• User Ports (1024-49151): Applications can register here if they want a permanent, documented port number.
• Dynamic/Ephemeral Ports (49152-65535): Completely unassigned. Never will be assigned. Free for temporary use.

Port 60674 is in that last category. It has no official identity. It exists so that thousands of client connections can happen simultaneously without stepping on each other's toes.

What Actually Uses This Port

Most of the time, nothing significant. Your operating system might assign it to a temporary outgoing connection, hold it for a few seconds, then release it.

But malware has used it. Specifically, Trojan.DownLoader34.3753 attempts connections to localhost on port 60674 along with other high-numbered ports in the 60000+ range.³ The trojan injects code into system processes and creates onion services for command-and-control communication.

This is typical behavior: malware often exploits the unassigned port ranges precisely because they're not monitored the way well-known ports are. A connection on port 443 looks normal. A connection on 60674 looks like background noise.

How to Check What's Listening

You can see what's actually listening on port 60674 right now:

On Linux or macOS:

lsof -i :60674
netstat -an | grep 60674
ss -tlnp | grep 60674

On Windows:

netstat -ano | findstr :60674
Get-NetTCPConnection -LocalPort 60674

If nothing appears, the port is sitting empty—waiting. That's the normal state.

Why Unassigned Ports Matter

The dynamic port range is essential infrastructure. Without it, every client connection would need its own permanent port number, and you'd run out of numbers quickly. Instead, your OS borrows a port from this pool, uses it, and returns it.

But this freedom has a cost: nobody monitors the dynamic ranges the way they monitor port 80, 443, or 22. A malware author can pick any port from 49152-65535 and be reasonably confident it won't trigger alarms just for existing.

Port 60674 itself is probably not listening to anything on your machine right now. But if it is, that's worth investigating.

Related Knowledge

• Port 49152: The start of the dynamic range—where your operating system begins handing out temporary ports
• Port 65535: The absolute last port number. The ceiling.
• Ephemeral ports in general: The Internet's way of handling the fact that every connection needs a number, but we don't have enough permanent numbers for billions of simultaneous connections.

Sources: