TCP 2053
Synopsis
- Cloudflare proxies TCP port 2053 as an alternate HTTPS port, carrying normal HTTPS (TLS/HTTP/2/HTTP/3) to origin servers.
- Web servers and reverse proxies like Nginx and Apache are often configured to serve TLS on 2053 when the site is behind Cloudflare, making apps reachable at https://domain:2053.
- Censorship-circumvention proxy software—V2Ray/Xray (VMess/VLESS over WebSocket+TLS), Trojan/Trojan-Go, and Shadowsocks—commonly uses 2053 when fronted by Cloudflare because it’s one of Cloudflare’s permitted HTTPS ports.
- Some self-hosted dashboards and panels run on 2053 specifically to leverage Cloudflare’s alternate HTTPS port support without occupying 443.
- Abuse: Since 2053 is treated as standard HTTPS, attackers and red-team operators sometimes hide command-and-control traffic on this port (often behind CDN fronting) to blend in with normal TLS traffic.