# ifport.io result

## Decision

- Verdict: SAFE NOW
- Answer: No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes.
- Observed request-source IP: 216.73.216.233
- Open inbound TCP ports now: none
- Scan profile: default (6 TCP ports)
- Scan ID: 1a08fdc7-7bdd-48b3-b0c1-3264511895c4
- Result permalink: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4
- Result card SVG: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4.svg
- Result evidence: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4/evidence
- Policy: strict / pass
- Change since last scan: first seen baseline for this request source/profile via runtime memory; open ports now: none
- Exposure score: 98/100
- Confidence: medium (attribution confidence is medium; verify once more from your real edge path.)
- Snapshot: ifport-v1-f24bce0d58f8f8d0 (`f24bce0d58f8f8d02bec4013aed9beca820dbcdaac66c0307d7f99530fdc51a7`)

## Do now

Save the snapshot and add the gate command to CI or release smoke tests.

```bash
curl -fsS "https://ifport.io/gate?profile=default&policy=strict&speed=deep"
```

## Concept

IfPort is a public edge mirror: it shows what the internet can reach on the IP that just called it, then refuses every arbitrary target.

- Promise: IfPort scans only the public IP that contacted the edge and reports inbound TCP visibility for defensive hardening, never arbitrary-target reconnaissance.
- Default check: compact TCP profile on the request-source IP; use `profile=top1000` for broad verification.
- Boundary: Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.
- Built for: Deploy verification for web/API services, CI/CD exposure gate before release, Firewall/security-group drift detection, LLM-agent runtime network diagnostics
- Not for: Arbitrary target scanning; CIDR/range enumeration; Vulnerability exploitation or credential attacks
- Safety flags: request_source_only=true, arbitrary_targets_allowed=false, cidr_scanning_allowed=false, exploitation_allowed=false

## Operator card

- Title: IfPort one-request operator card
- Answer: No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes.
- Concept: One request returns the outside view of inbound TCP ports visible on the IP that contacted ifport.io.
- Boundary: Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.
- Confidence: medium (trusted_edge_header)
- Intent: general-exposure / pass (no_open_ports_seen) - General exposure review found no open TCP ports in this scan scope.
- Intent next action: Keep this snapshot as a baseline and rerun after network, deploy, firewall, VPN, proxy, or cloud changes.
- Intent runbook: general-exposure intent runbook; verify: `curl -fsS "https://ifport.io/json?profile=default&policy=strict&speed=fast" | jq '{observed_source_ip, intent, policy, accuracy}'`; first fix: Save snapshot evidence as the clean baseline for this exact request path.

### Card do now
- Save the snapshot and add the gate command to CI or release smoke tests.
- Run: curl -fsS "https://ifport.io/gate?profile=default&policy=strict&speed=deep"
- Keep this as baseline evidence and re-run after every network/firewall change.
### Card proof
- observed_source_ip=216.73.216.233
- profile=default ports_checked=6 speed=fast
- snapshot_id=ifport-v1-f24bce0d58f8f8d0 fingerprint_sha256=f24bce0d58f8f8d02bec4013aed9beca820dbcdaac66c0307d7f99530fdc51a7

## Artifacts

- `gate`: https://ifport.io/gate?profile=default&policy=strict&speed=deep - CI/release pass-fail check for this request-source exposure policy. Use when: block deploys on unexpected open ports or changed exposure.
- `evidence`: https://ifport.io/evidence?profile=default&policy=strict&speed=fast - portable snapshot proof for the same scan scope, with fingerprint and optional signature. Use when: attach the same-scope result to a ticket, incident, audit note, or change review.
- `action_plan`: https://ifport.io/action-plan?profile=default&policy=strict&speed=fast - prioritized remediation and verification steps for the same scan scope. Use when: open ports, policy drift, or low attribution confidence need operator action.
- `automation_pack`: https://ifport.io/automation-pack.tar.gz?profile=default&policy=strict&speed=fast - downloadable CI and operations bundle generated from the same scan scope. Use when: turn this one request into repeatable scripts, templates, and runbooks.
- `network_path`: https://ifport.io/network-path - source attribution diagnostic for the observed request path. Use when: NAT, VPN, proxy, CI, cloud, or sandbox routing may affect the observed IP.
- Full JSON: https://ifport.io/json
- Full Markdown report: https://ifport.io/mission?format=markdown
- Result permalink: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4
- Result card SVG: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4.svg
- Result evidence: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4/evidence
- Browser mission page: https://ifport.io/mission

## Evidence

- Verify snapshot: https://ifport.io/verify
- Persisted evidence: https://ifport.io/result/1a08fdc7-7bdd-48b3-b0c1-3264511895c4/evidence
- Share summary: IfPort saw no open inbound TCP ports for profile `default` on request-source IP 216.73.216.233.
- Accountability ledger: https://ifport.io/impact

## Value receipt

- Receipt ID: ifport-receipt-f24bce0d58f8f8d0
- Estimated operator time saved: about 20 minutes
- Summary: One request produced a decision, next command, evidence, automation links, and source-attribution guidance for 216.73.216.233.
- Next operator step: `curl -fsS "https://ifport.io/gate?profile=default&policy=strict&speed=deep"`
- Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-f24bce0d58f8f8d0&snapshot_id=ifport-v1-f24bce0d58f8f8d0&source=scan_result
- Why this request had value:
- checked 6 bounded TCP ports on the request-source IP without accepting arbitrary targets
- converted the scan into a `allow` decision with reason `policy_and_exposure_within_expected_bounds`
- produced a reusable snapshot fingerprint and same-scope evidence URL
- returned gate, action-plan, network-path, and automation-pack links in the same response
- Support case: This request likely saved about 20 minutes of deploy, firewall, proxy, or incident-debugging time. Current gap is $15/month. The fastest closure is 3 x $5/month supporters. Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-f24bce0d58f8f8d0&snapshot_id=ifport-v1-f24bce0d58f8f8d0&source=scan_result.
- Support proof: IfPort converted one request from 216.73.216.233 into a defensive verdict, evidence snapshot, operator next step, and value receipt without accepting arbitrary scan targets.

## Commons signal

A free public exposure utility: every request helps one operator immediately and improves aggregate defensive guidance for everyone.

- Commons today: 114 scans from 79 source IPs, 100.0% completion
- Exposure weather: stable | exposure 24h 0.0% vs prev 0.0% (+0.0pp), new exposures 0, resolved 0
- Your benchmark: Cleaner than current aggregate exposure weather.
- Benchmark meaning: This request path had no open inbound TCP ports while 0.0% of recent IfPort scans had at least one open port.
- Benchmark safety: Benchmark data is aggregate-only: no source IPs, hostnames, target lists, banners, payloads, or vulnerability findings are exposed.
- Current hotspots:
- no hotspot data yet

## Support

If this answer saved one deploy, firewall, VPN, proxy, or incident-debugging loop, support keeps the same free outside check available for the next operator.

- Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-f24bce0d58f8f8d0&snapshot_id=ifport-v1-f24bce0d58f8f8d0&source=scan_result
- Donate: https://ifport.io/donate
- Provider state: provider_missing; /donate shows a sponsor action page until a payment link is configured
- Support intent: Support ifport.io: fund edge_trust_hardening ($15/mo gap)
- Support proof: IfPort support proof (support_proof.v1)
- Intent action: Record support intent and configure payment provider
- Access note: Support funds the commons, not privileged scanning. The basic request-source-only answer stays free and accountless.
- Public utility budget: $15/mo, covered $0/mo (0%), gap $15/mo
- Next unlock: edge_trust_hardening needs $15/mo: A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?
- Fast close options: 3 supporters at $5/mo close a $15/mo gap. | 2 supporters at $10/mo close a $15/mo gap. | 1 sponsor at $25/mo close a $15/mo gap.
- Efficiency note: at current traffic (~114 scans/day), full funding is about $4.39 per 1k defensive scans.
- Free-check principle: a small recurring donation keeps this external check available before teams have a budget, agent, or dashboard.
- Support contract: https://ifport.io/support