Internet-Security.com TCP port 31337 details

Back Orifice 2000 (BO2K) commonly listened on TCP port 31337 for remote administration; the original Back Orifice used UDP 31337.
In real intrusions, attackers frequently deploy netcat-based backdoors that bind a shell on 31337/TCP after compromise.
Due to this history, many IDS/IPS signatures and scanners treat 31337/TCP as a backdoor/“elite” port rather than a legitimate service.
This port is strongly associated with hacking and exploitation, primarily as a command-and-control or bindshell backdoor channel.

TCP 31337