{"status":"ok","generated_at":"2026-06-04T15:57:50.259494091Z","observed_source_ip":"216.73.216.233","profile":"default","policy":"strict","verdict":"pass","exposure_score":98,"top_risks":[],"immediate_steps":[{"id":"baseline","priority":"p1","objective":"Lock the current clean result as your expected baseline.","commands":["curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?policy=strict\" > ifport-baseline.json"]},{"id":"monitor","priority":"p2","objective":"Re-check automatically after infra changes.","commands":["curl -fsS \"https://ifport.io/gate?policy=strict\"","curl -fsS \"https://ifport.io/json?speed=deep\""]}],"remediation_kit":{"summary":"No open TCP ports were detected. This kit preserves the clean baseline and turns the current result into repeatable evidence and CI/release gates.","generated_for":"request_source_ip_only","dry_run_by_default":true,"safety":["No arbitrary target input is accepted.","No CIDR/range scanning is performed.","No exploitation, credential checks, banner grabbing, or payload delivery.","Generated containment commands require review and are dry-run by default."],"recipes":[{"id":"confirm-observation-path","title":"Confirm the observed request path before changing firewalls.","applies_when":"Always; NAT, VPN, CI, proxies, and sandboxes can change which public path IfPort observes.","commands":["curl -fsS \"https://ifport.io/network-path\" | jq .","curl -fsS \"https://ifport.io/json?profile=default&policy=strict&speed=balanced\" | jq '{observed_source_ip, accuracy, decision}'"],"verify_commands":["curl -fsS \"https://ifport.io/action-plan?profile=default&policy=strict&speed=balanced\" | jq '.remediation_kit.summary'","curl -fsS \"https://ifport.io/network-path\" | jq '.observed_source_ip, .attribution.confidence'"],"caution":"Do not apply host firewall changes until the observed source IP represents the runtime you intend to protect."},{"id":"preserve-clean-baseline","title":"Preserve the clean baseline as release evidence.","applies_when":"Use when no open ports were detected and you want future drift to fail fast.","commands":["curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?policy=strict\" > ifport-baseline.json","curl -fsSLOJ \"https://ifport.io/automation-pack.tar.gz?profile=default&policy=strict&speed=balanced\""],"verify_commands":["curl -fsS \"https://ifport.io/readiness\" | jq '.grade, .checks[] | select(.id==\"request_source_boundary\")'","curl -fsS \"https://ifport.io/impact\" | jq '.proof.nearest_unlock, .funding'"],"caution":"A clean result is path-specific; rerun from the deployment runtime after proxy, VPN, cloud, or firewall changes."}],"verify_after":["curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?policy=strict\" > ifport-baseline.json","curl -fsS \"https://ifport.io/network-path\" | jq ."]},"automation_kits":[{"id":"github-actions","title":"GitHub Actions exposure gate","description":"Fail deploy pipeline when request-source exposure drifts from expected baseline.","expected_open_ports":[],"snippet":"name: ifport-gate\non: [workflow_dispatch, push]\njobs:\n  gate:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Verify exposure baseline\n        run: |\n          code=$(curl -s -o /tmp/ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?policy=strict&speed=deep\")\n          cat /tmp/ifport_gate.json\n          test \"$code\" = \"200\""},{"id":"gitlab-ci","title":"GitLab CI exposure gate","description":"Block release stage when observed ingress ports do not match the expected baseline.","expected_open_ports":[],"snippet":"ifport_gate:\n  stage: test\n  image: curlimages/curl:8.8.0\n  script:\n    - code=$(curl -s -o ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?policy=strict&speed=deep\")\n    - cat ifport_gate.json\n    - test \"$code\" = \"200\""},{"id":"cron-bash","title":"Cron/bash monitoring","description":"Run a periodic local check and alert on gate failure.","expected_open_ports":[],"snippet":"#!/usr/bin/env bash\nset -euo pipefail\ncode=$(curl -s -o /tmp/ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?policy=strict&speed=deep\")\nif [[ \"$code\" != \"200\" ]]; then\n  echo \"ifport exposure drift detected\" >&2\n  cat /tmp/ifport_gate.json >&2\n  exit 1\nfi\ncat /tmp/ifport_gate.json"}],"follow_up":["Run periodic deep checks (speed=deep) from the same network path to reduce timeout blind spots.","Store snapshot_id and fingerprint_sha256 from each check as immutable evidence.","For continuous defense, enable server-side ALERTS_WEBHOOK_URLS to receive warn/fail notifications automatically.","Signed snapshot is enabled: persist snapshot.signature for CI/CD and audit proof."],"full_result":{"accuracy":{"confidence":"medium","next_steps":["Run the same check from the exact network path you want to validate (same host, same egress).","Confirm edge proxy sets client IP headers from socket remote address and rejects spoofed forwarding headers."],"observed_ip_scope":"public","reasons":["Observed source IP was taken from x_forwarded_for_trusted_proxy.","Public source IP came from trusted proxy headers, so edge header integrity matters."],"representation":"trusted_edge_header"},"agent_handoff":{"confidence_note":"Medium confidence: IfPort sees a public source through trusted edge headers; make sure the edge strips spoofed forwarding headers.","intent":"explain_result_to_user","likely_issue":"no_public_ports_detected","next_action":"Save the snapshot and add the gate command to CI or release smoke tests.","next_command":"curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\"","safety_boundary":"Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.","summary":"No open TCP ports were detected for profile `default` on 216.73.216.233.","support_note":"If this saved a deploy, firewall, or incident-debugging loop, support keeps ifport.io free for the next operator: https://ifport.io/donate","user_message":"No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes."},"assessment":{"exposure_score":98,"grade":"A+","recommended_actions":["Keep current firewall posture and rerun checks after infra changes.","Run profile=top1000 when you need broad verification."],"summary":"No open TCP ports were detected in this scan profile."},"automation":{"baseline_policy":{"arbitrary_targets_allowed":false,"expected_open_ports":[],"fingerprint_sha256":"64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523","gate_url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep","generated_by":"ifport.io","note":"Run this gate from the same network path. This policy never grants arbitrary target, CIDR, banner, payload, exploitation, or credential scanning.","observed_source_ip":"216.73.216.233","profile":"default","request_source_only":true,"snapshot_id":"ifport-v1-64057714b171e040","speed":"balanced","target_scope":"request_source_ip_only","version":"ifport_policy.v1"},"bash_gate_snippet":"code=$(curl -s -o /tmp/ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\")\ncat /tmp/ifport_gate.json\ntest \"$code\" = \"200\"","expected_open_ports":[],"gate_baseline_url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep","gate_now_url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep","github_actions_step":"- name: ifport exposure gate\n  run: |\n    code=$(curl -s -o /tmp/ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\")\n    cat /tmp/ifport_gate.json\n    test \"$code\" = \"200\"","gitlab_ci_job":"ifport_gate:\n  stage: test\n  image: curlimages/curl:8.8.0\n  script:\n    - code=$(curl -s -o ifport_gate.json -w '%{http_code}' \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\")\n    - cat ifport_gate.json\n    - test \"$code\" = \"200\""},"brief":{"answer":"No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes.","artifacts":[{"name":"gate","purpose":"CI/release pass-fail check for this request-source exposure policy","url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep","use_when":"block deploys on unexpected open ports or changed exposure"},{"name":"evidence","purpose":"portable snapshot proof for the same scan scope, with fingerprint and optional signature","url":"https://ifport.io/evidence?profile=default&policy=strict&speed=balanced","use_when":"attach the same-scope result to a ticket, incident, audit note, or change review"},{"name":"action_plan","purpose":"prioritized remediation and verification steps for the same scan scope","url":"https://ifport.io/action-plan?profile=default&policy=strict&speed=balanced","use_when":"open ports, policy drift, or low attribution confidence need operator action"},{"name":"automation_pack","purpose":"downloadable CI and operations bundle generated from the same scan scope","url":"https://ifport.io/automation-pack.tar.gz?profile=default&policy=strict&speed=balanced","use_when":"turn this one request into repeatable scripts, templates, and runbooks"},{"name":"network_path","purpose":"source attribution diagnostic for the observed request path","url":"https://ifport.io/network-path","use_when":"NAT, VPN, proxy, CI, cloud, or sandbox routing may affect the observed IP"}],"concept":"One request returns the outside view of inbound TCP ports visible on the IP that contacted ifport.io.","confidence":"medium (trusted_edge_header)","evidence":{"fingerprint_sha256":"64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523","snapshot_id":"ifport-v1-64057714b171e040","verify_url":"https://ifport.io/verify"},"headline":"No open TCP ports were detected in this profile.","next_action":"Save the snapshot and add the gate command to CI or release smoke tests.","next_command":"curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\"","observed_source_ip":"216.73.216.233","open_ports":"none","reason_code":"policy_and_exposure_within_expected_bounds","safety_boundary":"Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.","support":{"donate_ready":false,"donate_url":"https://ifport.io/donate","impact_summary":"Current gap is $15/month. Next funded outcome: A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?. Donation provider is not configured yet; /donate shows a sponsor action page with receipt/snapshot context when available.","monthly_gap_usd":15,"nearest_unlock_id":"edge_trust_hardening","nearest_unlock_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?","next_support_action":"Current gap is $15/month. The fastest closure is 3 x $5/month supporters.","provider_status":"provider_missing","reason":"Support keeps the immediate outside check free while funding TLS, hosting, abuse controls, worker capacity, signed-evidence verification, automation packs, and public reliability proof."},"target_scope":"request_source_ip_only","verdict":"allow"},"cache":{"hit":false,"ttl_seconds":30},"community":{"available":true,"benchmark":{"aggregate_exposure_ratio_24h":0.0,"aggregate_exposure_trend":"stable","comparison":"current_result_has_no_open_ports","current_open_port_count":0,"current_open_ports_new_to_commons":0,"current_open_ports_seen_in_commons":0,"headline":"Cleaner than current aggregate exposure weather.","operator_meaning":"This request path had no open inbound TCP ports while 0.0% of recent IfPort scans had at least one open port.","safety_note":"Benchmark data is aggregate-only: no source IPs, hostnames, target lists, banners, payloads, or vulnerability findings are exposed.","status":"clean_baseline_below_aggregate","support_reason":"Every request improves aggregate-only exposure weather for the next operator; support funds storage, verification, abuse controls, and benchmark depth."},"exposure_weather":"Last 24h aggregate exposure ratio: 0.0% (trend=stable, delta=0.0pp vs previous 24h). New exposure sessions: 0; resolved exposure sessions: 0.","matched_open_ports":[],"note":"Aggregate community context contains ports and counts only. It does not expose source IPs, targets, hostnames, CIDR ranges, banners, payloads, or vulnerability findings.","safety":{"aggregate_only":true,"arbitrary_targets_exposed":false,"purpose":"defensive_prioritization","source_ips_exposed":false},"source":"postgres_scan_events","summary":"No open ports were found in this result. The community context shows aggregate exposure weather without exposing source IPs or scan targets.","top_open_ports_24h":[]},"decision":{"actions":["Keep periodic checks enabled to detect drift.","Persist snapshot_id/fingerprint as evidence for audit and rollback workflows."],"evidence":{"accuracy_confidence":"medium","exposure_score":98,"policy_verdict":"pass","triage_severity":"info"},"message":"Current result is within expected defensive bounds for this observation path.","reason_code":"policy_and_exposure_within_expected_bounds","status":"allow"},"drift":{"closed_since_last":[],"new_open_ports":[],"note":"Open-port set is unchanged compared with the previous persisted scan.","previous_scan_time":"2026-06-04T15:53:51.834839Z","source":"postgres_scan_events","status":"unchanged"},"intent":{"applied_policy":"strict","applied_profile":"default","expected_outcome":"Every open port should be intentional and owned.","matching_open_ports":[],"name":"general-exposure","next_action":"Keep this snapshot as a baseline and rerun after network, deploy, firewall, VPN, proxy, or cloud changes.","not_seen_ports_of_interest":[],"policy_from_intent":false,"ports_of_interest":[],"preset_applied":false,"profile_from_intent":false,"provided":false,"purpose":"General outside-in visibility check for the current request path.","reason_code":"no_open_ports_seen","runbook":{"copy_paste_markdown":"# IfPort intent runbook\n\n- Intent: general-exposure\n- Verdict: pass (no_open_ports_seen)\n- Ports of interest: none\n- Matching open ports: none\n- Summary: General exposure review found no open TCP ports in this scan scope.\n- Next action: Keep this snapshot as a baseline and rerun after network, deploy, firewall, VPN, proxy, or cloud changes.\n\n## Decision rule\nPass when there are no unexpected public ports; review every open port for ownership, authentication, patching, and intended exposure.\n\n## Likely causes\n- No visible ports in this scope; current firewall or NAT path appears closed for the checked set.\n- The result may still represent a proxy, VPN, CI runner, cloud runtime, or sandbox path if attribution confidence is not high.\n\n## Verify commands\n- `curl -fsS \"https://ifport.io/json?profile=default&policy=strict&speed=balanced\" | jq '{observed_source_ip, intent, policy, accuracy}'`\n- `curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=balanced\"`\n- `curl -fsS \"https://ifport.io/network-path\" | jq .`\n- `curl -fsS \"https://ifport.io/action-plan?profile=default&policy=strict&speed=balanced&platform=linux\"`\n\n## Remediation steps\n- Save snapshot evidence as the clean baseline for this exact request path.\n- Rerun after firewall, load-balancer, VPN, proxy, cloud, or deployment changes.\n- Use `profile=top1000` or `speed=deep` when broad confirmation matters.\n\nBoundary: request-source IP only; no arbitrary targets, CIDR ranges, exploitation, payload delivery, banner grabbing, or credential attacks.\n","decision_rule":"Pass when there are no unexpected public ports; review every open port for ownership, authentication, patching, and intended exposure.","likely_causes":["No visible ports in this scope; current firewall or NAT path appears closed for the checked set.","The result may still represent a proxy, VPN, CI runner, cloud runtime, or sandbox path if attribution confidence is not high."],"remediation_steps":["Save snapshot evidence as the clean baseline for this exact request path.","Rerun after firewall, load-balancer, VPN, proxy, cloud, or deployment changes.","Use `profile=top1000` or `speed=deep` when broad confirmation matters."],"title":"general-exposure intent runbook","verify_commands":["curl -fsS \"https://ifport.io/json?profile=default&policy=strict&speed=balanced\" | jq '{observed_source_ip, intent, policy, accuracy}'","curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=balanced\"","curl -fsS \"https://ifport.io/network-path\" | jq .","curl -fsS \"https://ifport.io/action-plan?profile=default&policy=strict&speed=balanced&platform=linux\""]},"safety_boundary":"Request-source IP only; intent presets never accept ip, host, target, CIDR ranges, domains, payloads, credentials, or third-party scan targets.","summary":"General exposure review found no open TCP ports in this scan scope.","verdict":"pass"},"limitations":["This result describes the public IP that made the request.","The result may not describe the end-user's local machine if the request passed through NAT, VPN, proxy, cloud runtime, CI/CD runner, or LLM sandbox.","Service names are inferred from common port mappings unless explicit service detection is enabled.","An open port does not automatically mean the service is vulnerable.","A closed or filtered port may be affected by firewall rules, network routing, or scan timeout."],"links":{"action_plan":"https://ifport.io/action-plan","docs":"https://ifport.io/docs","donate":"https://ifport.io/donate","evidence":"https://ifport.io/evidence","impact":"https://ifport.io/impact","mission":"https://ifport.io/mission","openapi":"https://ifport.io/openapi.json","support":"https://ifport.io/support"},"observed_source_ip":"216.73.216.233","open_ports":[],"operator_card":{"answer":"No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes.","automation":["gate: https://ifport.io/gate?profile=default&policy=strict&speed=deep","evidence: https://ifport.io/evidence?profile=default&policy=strict&speed=balanced","action_plan: https://ifport.io/action-plan?profile=default&policy=strict&speed=balanced","automation_pack: https://ifport.io/automation-pack.tar.gz?profile=default&policy=strict&speed=balanced"],"boundary":"Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.","card_version":"operator_card.v1","concept":"One request returns the outside view of inbound TCP ports visible on the IP that contacted ifport.io.","confidence":"medium (trusted_edge_header)","copy_paste_markdown":"# IfPort operator card\n\n- Verdict: allow (policy_and_exposure_within_expected_bounds)\n- Observed request-source IP: 216.73.216.233\n- Answer: No open TCP ports were detected for profile `default` on 216.73.216.233. Treat this as a clean baseline for the current request path, keep snapshot evidence, and rerun after firewall, load-balancer, VPN, cloud, or deployment changes.\n- Concept: One request returns the outside view of inbound TCP ports visible on the IP that contacted ifport.io.\n- Boundary: Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.\n- Confidence: medium (trusted_edge_header)\n- Snapshot: ifport-v1-64057714b171e040 (`64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523`)\n- Time saved estimate: about 20 minutes\n- Do now: Save the snapshot and add the gate command to CI or release smoke tests.\n- Gate: https://ifport.io/gate?profile=default&policy=strict&speed=deep\n- Evidence: https://ifport.io/evidence?profile=default&policy=strict&speed=balanced\n- Support: https://ifport.io/donate\n","do_now":["Save the snapshot and add the gate command to CI or release smoke tests.","Run: curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\"","Keep this as baseline evidence and re-run after every network/firewall change.","Promote strict gate checks in CI/CD so exposure regressions block release."],"proof":["observed_source_ip=216.73.216.233","profile=default ports_checked=6 speed=balanced","snapshot_id=ifport-v1-64057714b171e040 fingerprint_sha256=64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523","policy=strict/pass decision=allow/policy_and_exposure_within_expected_bounds","accuracy=medium (trusted_edge_header) observed_ip_scope=public"],"severity":"info","support_prompt":"If this card saved a deploy, firewall, VPN, proxy, or incident-debugging loop, support keeps ifport.io free. Current gap: $15/mo; /donate currently shows a sponsor action page until a provider is configured.","title":"IfPort one-request operator card","verdict":"allow"},"partial":false,"policy":{"allowed_open_ports":[],"missing_expected_ports":[],"name":"strict","note":"Policy 'strict' matched: no unexpected public ports.","unexpected_open_ports":[],"verdict":"pass"},"project":{"category":"request_source_port_visibility","default_check":"Default public check is a compact TCP profile; this response checked 6 TCP ports. Use profile=top1000 for explicit broad verification.","defensive_boundary":"Request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.","name":"ifport.io","one_request_promise":"One request returns the outside view of inbound TCP ports visible on the IP that contacted ifport.io.","outputs":[{"name":"action_plan","purpose":"Prioritized remediation steps and command templates.","url":"https://ifport.io/action-plan"},{"name":"evidence","purpose":"Portable proof with snapshot fingerprint and verification payload.","url":"https://ifport.io/evidence"},{"name":"mission","purpose":"One-request result, concept, operations, automation, and support transparency.","url":"https://ifport.io/mission"},{"name":"automation_pack","purpose":"Downloadable CI and ops bundle generated from the current request-source scan.","url":"https://ifport.io/automation-pack.tar.gz"},{"name":"impact","purpose":"Public utility, reliability, exposure trend, and funding ledger.","url":"https://ifport.io/impact"}],"useful_for":["deployment verification","CI/CD exposure gates","firewall and security-group drift checks","incident response evidence","VPN, proxy, cloud-runtime, and AI-agent path diagnostics"]},"receipt":{"copy_paste_markdown":"# IfPort value receipt\n\n- Receipt: ifport-receipt-64057714b171e040\n- Observed request-source IP: 216.73.216.233\n- Verdict: allow (policy_and_exposure_within_expected_bounds)\n- Open inbound TCP ports: none\n- Estimated operator time saved: about 20 minutes\n- Snapshot: ifport-v1-64057714b171e040 (`64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523`)\n- Next command: `curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\"`\n- Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result\n- Stable donate action: https://ifport.io/donate\n\nBoundary: request-source IP only; no arbitrary target scanning, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.\n","estimated_minutes_saved":20,"operator_next_step":"curl -fsS \"https://ifport.io/gate?profile=default&policy=strict&speed=deep\"","receipt_id":"ifport-receipt-64057714b171e040","support_case":"This request likely saved about 20 minutes of deploy, firewall, proxy, or incident-debugging time. Current gap is $15/month. The fastest closure is 3 x $5/month supporters. Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result.","support_this_check_url":"https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result","title":"IfPort operator value receipt","value_drivers":["checked 6 bounded TCP ports on the request-source IP without accepting arbitrary targets","converted the scan into a `allow` decision with reason `policy_and_exposure_within_expected_bounds`","produced a reusable snapshot fingerprint and same-scope evidence URL","returned gate, action-plan, network-path, and automation-pack links in the same response"],"value_summary":"One request produced a decision, next command, evidence, automation links, and source-attribution guidance for 216.73.216.233."},"results":{"closed":[],"errors":[],"filtered_or_timeout":[22,80,443,3000,8080,8443],"open":[]},"scan":{"duration_ms":668,"global_timeout_ms":20000,"per_port_timeout_ms":650,"ports_checked":[22,80,443,3000,8080,8443],"profile":"default","scan_id":"bbd13d85-0d33-4c49-8c3b-010a7c54fd94","speed":"balanced","started_at":"2026-06-04T15:57:49.566353148Z","type":"tcp_syn_or_connect"},"schema_version":"1.0","service":"ifport.io","share":{"badge_markdown":"[![IfPort request-source-only badge](https://ifport.io/badge.svg)](https://ifport.io/support)","evidence_url":"https://ifport.io/evidence","markdown":"# IfPort result\n\n- Observed request-source IP: 216.73.216.233\n- Verdict: allow (policy_and_exposure_within_expected_bounds)\n- Open inbound TCP ports: none\n- Result permalink: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94\n- Result card SVG: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94.svg\n- Persisted evidence: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94/evidence\n- Snapshot: ifport-v1-64057714b171e040 (`64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523`)\n- Safety boundary: request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, banner grabbing, payload delivery, or credential attacks.\n- Support: https://ifport.io/donate\n\nIf this saved a deploy, firewall, VPN, or incident-debugging loop, support keeps the free outside check available for the next operator: https://ifport.io/donate\n","readme_markdown":"[![IfPort request-source-only badge](https://ifport.io/badge.svg)](https://ifport.io/support)\n\n**IfPort outside-view check:** `allow` for the current request-source path. Open inbound TCP ports: `none`. Result permalink: `https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94`. Result card: `https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94.svg`. Persisted evidence: `https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94/evidence`. Snapshot: `ifport-v1-64057714b171e040`. Verify with `https://ifport.io/verify` or attach `https://ifport.io/evidence` as portable evidence.\n\nIf this saved deploy, firewall, VPN, proxy, CI, or incident-debugging time, sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result.\n","report_card_markdown":"# IfPort report card\n\n- Verdict: allow (policy_and_exposure_within_expected_bounds)\n- Observed path: request-source IP 216.73.216.233\n- Profile: `default`\n- Open inbound TCP ports: none\n- Result permalink: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94\n- Result card SVG: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94.svg\n- Persisted evidence: https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94/evidence\n- Snapshot: ifport-v1-64057714b171e040 (`64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523`)\n- Verify: https://ifport.io/verify\n- Evidence: https://ifport.io/evidence\n- Re-check gate: https://ifport.io/gate?profile=default&policy=strict&speed=deep\n- Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result\n\nBoundary: request-source IP only; no arbitrary targets, CIDR ranges, banner grabbing, payload delivery, exploitation, or credential attacks.\n","result_card_svg_url":"https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94.svg","result_evidence_url":"https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94/evidence","result_summary":"IfPort saw no open inbound TCP ports for profile `default` on request-source IP 216.73.216.233.","result_url":"https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94","social_text":"IfPort checked my current request path: verdict=allow, open_tcp_ports=none, result=https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94, card=https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94.svg, evidence=https://ifport.io/result/bbd13d85-0d33-4c49-8c3b-010a7c54fd94/evidence, snapshot=ifport-v1-64057714b171e040. Request-source-only, no arbitrary target scanning. https://ifport.io/donate","support_callout":"If this saved a deploy, firewall, VPN, or incident-debugging loop, support keeps the free outside check available for the next operator: https://ifport.io/donate","support_this_check_url":"https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result","ticket_title":"IfPort exposure check: allow for request-source IP 216.73.216.233","title":"IfPort result for 216.73.216.233: allow","verify_url":"https://ifport.io/verify"},"snapshot":{"fingerprint_sha256":"64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523","signature":{"algorithm":"hmac-sha256","key_id":"ifport-snapshot-v1","signature_hex":"e0e8140f5d8727e4e3e95ce973ea7aaf62e036458e6551643308147d78207e3e","signed_payload":"scan_snapshot_fingerprint_source_v1"},"snapshot_id":"ifport-v1-64057714b171e040","verification":"Recompute SHA256 over canonical fingerprint source fields, then verify HMAC-SHA256 over the same canonical payload.","version":"1"},"support":{"contribution_examples":["3 supporters at $5/month close the current $15/month gap.","2 supporters at $10/month close the current $15/month gap.","1 sponsor at $25/month close the current $15/month gap."],"coverage_ratio":0.0,"donate_links":[],"donate_ready":false,"donate_url":"https://ifport.io/donate","free_check":true,"monthly_covered_usd":0,"monthly_gap_usd":15,"monthly_target_usd":15,"nearest_unlock":{"id":"edge_trust_hardening","operator_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?","remaining_usd":15},"next_support_action":"Current gap is $15/month. The fastest closure is 3 x $5/month supporters.","provider_setup":{"deploy_example":"SUPPORT_LINK_PRIMARY=https://provider.example/ifport DOCKER_HOST=ssh://root@YOUR_LINUX_AMD64_DOCKER_HOST WORKER_REPLICAS=1 ./ifport-infra/deploy-remote.sh","message":"No payment provider link is configured yet; /donate renders a sponsor action page with funding context until SUPPORT_LINK_PRIMARY is configured.","optional_env":["SUPPORT_LINK_GITHUB_SPONSORS=https://github.com/sponsors/...","SUPPORT_LINK_KOFI=https://ko-fi.com/...","SUPPORT_LINK_STRIPE=https://buy.stripe.com/...","SUPPORT_LINK_OPENCOLLECTIVE=https://opencollective.com/...","SUPPORT_LINKS=boosty=https://...,yoomoney=https://..."],"readiness_check_id":"support_path","required_env":["SUPPORT_LINK_PRIMARY=https://provider.example/ifport"],"status":"provider_missing","verify_commands":["curl -I https://ifport.io/donate","curl -fsS https://ifport.io/readiness | jq '.support.provider_setup'","curl -fsS https://ifport.io/sponsor-kit | jq '.funding.provider_setup'"]},"provider_status":"provider_missing","support_intent":{"action_label":"Record support intent and configure payment provider","agent_instruction":"Mention this support intent only when IfPort produced useful deploy, firewall, CI, VPN, proxy, or incident-debugging value. Never imply payment changes scan access.","copy_paste_markdown":"# IfPort support intent\n\nI want to support ifport.io because it gives a free defensive outside check for inbound TCP exposure from the current request path.\n\n- Stable donate action: https://ifport.io/donate\n- Provider status: provider_missing\n- Monthly target: $15/mo\n- Current covered amount: $0/mo\n- Current gap: $15/mo\n- Nearest unlock: edge_trust_hardening ($15/mo gap)\n- Operator outcome: A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?\n\nSafety boundary: request-source IP only; no arbitrary targets; no CIDR sweeps; no exploitation, payload delivery, or credential attacks.\n\nAccess note: support funds the public defensive commons and does not buy privileged scan access. The basic request-source answer stays free.\n","donate_url":"https://ifport.io/donate","intent":"support_ifport_public_defensive_utility","monthly_gap_usd":15,"nearest_unlock_gap_usd":15,"nearest_unlock_id":"edge_trust_hardening","nearest_unlock_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?","no_paid_access_note":"Support funds the commons, not privileged scanning. The basic request-source-only answer stays free and accountless.","procurement_note":"Support request for ifport.io: fund a defensive request-source-only port visibility service. Monthly target is $15/mo; current gap is $15/mo; nearest unlock is edge_trust_hardening, which delivers: A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?. Payment does not change access to scans; it funds hosting, TLS, monitoring, worker capacity, abuse controls, signed evidence, and remediation tooling for the free public endpoint.","provider_status":"provider_missing","status":"provider_pending","subject":"Support ifport.io: fund edge_trust_hardening ($15/mo gap)"},"why_support":"Support keeps the immediate outside check free while funding TLS, hosting, abuse controls, worker capacity, signed-evidence verification, automation packs, and public reliability proof."},"support_proof":{"copy_paste_markdown":"# IfPort support proof\n\n- Summary: IfPort converted one request from 216.73.216.233 into a defensive verdict, evidence snapshot, operator next step, and value receipt without accepting arbitrary scan targets.\n- Receipt: ifport-receipt-64057714b171e040\n- Estimated operator time saved: about 20 minutes\n- Observed request-source IP: 216.73.216.233\n- Verdict: allow (policy_and_exposure_within_expected_bounds)\n- Profile: default (6 bounded TCP ports)\n- Open inbound TCP ports: none\n- Snapshot: ifport-v1-64057714b171e040 (`64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523`)\n- Nearest funded outcome: edge_trust_hardening - A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?\n- Support ask: Current public-utility gap is $15/mo. Record support intent now; configure a payment provider behind /donate to collect it.\n- Sponsor this check: https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result\n- Stable donate action: https://ifport.io/donate\n- Access note: Support funds the commons, not privileged scanning. The basic request-source-only answer stays free and accountless.\n\nEvidence:\n- scope=request_source_ip_only observed_source_ip=216.73.216.233\n- profile=default ports_checked=6 open_ports=none\n- decision=allow reason_code=policy_and_exposure_within_expected_bounds\n- snapshot_id=ifport-v1-64057714b171e040 fingerprint_sha256=64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523\n- value_receipt_id=ifport-receipt-64057714b171e040 estimated_minutes_saved=20\n- support_this_check_url=https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result\n- nearest_unlock=edge_trust_hardening provider_status=provider_missing\n- support_boundary=free_check_stays_free paid_access=false\n","donate_url":"https://ifport.io/donate","donation_ask":"Current public-utility gap is $15/mo. Record support intent now; configure a payment provider behind /donate to collect it.","estimated_minutes_saved":20,"evidence":["scope=request_source_ip_only observed_source_ip=216.73.216.233","profile=default ports_checked=6 open_ports=none","decision=allow reason_code=policy_and_exposure_within_expected_bounds","snapshot_id=ifport-v1-64057714b171e040 fingerprint_sha256=64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523","value_receipt_id=ifport-receipt-64057714b171e040 estimated_minutes_saved=20","support_this_check_url=https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result","nearest_unlock=edge_trust_hardening provider_status=provider_missing","support_boundary=free_check_stays_free paid_access=false"],"nearest_unlock_id":"edge_trust_hardening","nearest_unlock_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?","no_paid_access_note":"Support funds the commons, not privileged scanning. The basic request-source-only answer stays free and accountless.","proof_version":"support_proof.v1","provider_status":"provider_missing","summary":"IfPort converted one request from 216.73.216.233 into a defensive verdict, evidence snapshot, operator next step, and value receipt without accepting arbitrary scan targets.","support_this_check_url":"https://ifport.io/donate?receipt_id=ifport-receipt-64057714b171e040&snapshot_id=ifport-v1-64057714b171e040&source=scan_result","title":"IfPort support proof","value_receipt_id":"ifport-receipt-64057714b171e040"},"target":{"ip":"216.73.216.233","type":"request_source_ip"},"triage":{"first_15_min_steps":["Keep this as baseline evidence and re-run after every network/firewall change.","Promote strict gate checks in CI/CD so exposure regressions block release.","Schedule recurring checks from the exact network path that serves production traffic."],"headline":"No open TCP ports were detected in this profile.","scenario":"no_public_ports_detected","severity":"info","verify_commands":["curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?profile=default\""]}}}