TCP 13389
Synopsis
- TCP port 13389 is commonly used for Microsoft Remote Desktop Protocol (RDP) when administrators change the default port or use NAT to map external 13389 to internal 3389.
- Real-world examples include Windows Remote Desktop Services on Windows Server and Windows 10/11 Pro accessed through home/SMB routers (e.g., MikroTik/TP-Link) that forward 13389 to a workstation or server.
- Cloud VMs also frequently expose RDP on 13389 when users customize the service or security groups; internet scans (e.g., Shodan) often show “ms-wbt-server” banners on this port.
- This port is associated with hacking/exploitation: attackers routinely scan for and brute-force RDP on non-default ports like 13389, and the resulting compromises are later used for lateral movement and ransomware deployment.
- Numerous incident reports note RDP-based intrusions (including ransomware families such as Dharma/Crysis and Phobos) regardless of whether RDP is on 3389 or alternate ports like 13389.