{"status":"ok","generated_at":"2026-06-04T15:53:08.592022946Z","project":"ifport-mission","observed_source_ip":"216.73.216.233","brief":{"result_statement":"No open ports detected in this request-source scan.","concept_statement":"IfPort is a public edge mirror: it shows what the internet can reach on the IP that just called it, then refuses every arbitrary target.","operator_value":"policy=strict verdict=pass | snapshot=ifport-v1-64057714b171e040 | automation_bundle_files=14"},"concept":{"tagline":"A weather report for your current internet edge: one request shows what is reachable now.","defensive_only":true,"request_source_only":true,"arbitrary_targets_allowed":false,"cidr_scanning_allowed":false,"exploitation_allowed":false,"promise":"IfPort scans only the public IP that contacted the edge and reports inbound TCP visibility for defensive hardening, never arbitrary-target reconnaissance.","use_cases":["Deploy verification for web/API services","CI/CD exposure gate before release","Firewall/security-group drift detection","LLM-agent runtime network diagnostics"],"non_goals":["Arbitrary target scanning","CIDR/range enumeration","Vulnerability exploitation or credential attacks"]},"vision":{"north_star":"A free public exposure utility: every request helps one operator immediately and improves aggregate defensive guidance for everyone.","why_now":"Modern infrastructure moves through cloud edges, VPNs, CI runners, and AI-agent sandboxes. 
Operators need a fast external truth check that respects consent and refuses reconnaissance.","one_request_contract":["result: inbound port visibility verdict for the request-source public IP","concept: explicit defensive boundaries and anti-abuse non-goals","operations: first-15-min runbook with concrete verification commands","evidence: snapshot_id + fingerprint/signature chain for incident/audit workflows","commons: aggregated defensive trends to prioritize hardening decisions","automation: ready gate snippets and downloadable ops pack"],"sponsor_roadmap":[{"id":"edge_trust_hardening","min_monthly_budget_usd":15,"unlock":"Harden HAProxy edge attribution tests, header-trust controls, and continuous drift visibility.","operator_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?"},{"id":"pipeline_depth","min_monthly_budget_usd":30,"unlock":"Scale worker-bus scheduling and timeout orchestration for stable top-1000 profile scans.","operator_outcome":"Default top-1000 checks become more dependable for release gates and production smoke tests."},{"id":"evidence_verification_hardening","min_monthly_budget_usd":60,"unlock":"Harden the already-shipped signed snapshot flow with key-rotation runbooks, webhook fan-out, and public verification examples.","operator_outcome":"Teams get stronger portable proof they can attach to incidents, audits, and change reviews without trusting screenshots."},{"id":"agent_autoremediation_kits","min_monthly_budget_usd":120,"unlock":"Production remediation kits for Linux/container stacks with richer agent-driven containment recipes.","operator_outcome":"Unexpected public ports turn into concrete containment steps instead of manual investigation."}]},"result":{"verdict":"safe","confidence":"medium","summary":"No open ports detected in this request-source 
scan.","exposure_score":98,"policy":"strict","policy_verdict":"pass","open_ports":[],"unexpected_open_ports":[],"partial":false,"snapshot_id":"ifport-v1-64057714b171e040","fingerprint_sha256":"64057714b171e0401a3f98db6de5db689dd5678ce535e309032a2bdf090a8523"},"observation_path":{"confidence":"medium","representation":"trusted_edge_header","observed_ip_scope":"public","ip_source":"x_forwarded_for_trusted_proxy","transport_remote_ip":"172.16.1.1","trusted_header_candidates":{"cf_connecting_ip":null,"forwarded":null,"x_forwarded_for_first_public":"216.73.216.233","x_real_ip":"216.73.216.233"},"trust_verdict":"trusted_edge_path","trust_message":"Observed source attribution depends on trusted edge headers. Header integrity at the edge must be enforced.","fix_playbook":["On HAProxy edge, set client-IP headers from socket source and strip spoofed inbound forwarding headers.","Re-run the scan from the same production path to confirm stable attribution.","Inspect /network-path to validate source attribution and candidate forwarded headers.","Run the same check from the exact network path you want to validate (same host, same egress).","Confirm edge proxy sets client IP headers from socket remote address and rejects spoofed forwarding headers."]},"operations":{"do_now":["Persist snapshot_id and fingerprint_sha256 as clean baseline evidence.","Add CI gate: curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"."],"first_15_min_steps":["Keep this as baseline evidence and re-run after every network/firewall change.","Promote strict gate checks in CI/CD so exposure regressions block release.","Schedule recurring checks from the exact network path that serves production traffic."],"verify_commands":["curl -fsS \"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?profile=default\""],"immediate_steps":[{"id":"baseline","priority":"p1","objective":"Lock the current clean result as your expected baseline.","commands":["curl -fsS 
\"https://ifport.io/gate?policy=strict&speed=deep\"","curl -fsS \"https://ifport.io/json?policy=strict\" > ifport-baseline.json"]},{"id":"monitor","priority":"p2","objective":"Re-check automatically after infra changes.","commands":["curl -fsS \"https://ifport.io/gate?policy=strict\"","curl -fsS \"https://ifport.io/json?speed=deep\""]}],"top_risks":[],"incident_summary":"No open ports found in this scan profile.","incident_severity":"info"},"automation":{"archive_url":"https://ifport.io/automation-pack.tar.gz?profile=default&policy=strict&speed=balanced","file_count":14,"key_files":["ifport/gate.sh","ifport/cron-monitor.sh","ifport/contain-unexpected.sh",".github/workflows/ifport-gate.yml",".gitlab-ci.ifport.yml","ifport/incident-template.md","ifport/policy.json","ifport/remediation.md","ifport/port-runbooks.md","ifport/scan/visible-scan.json"],"install_steps":["Write files to your repository with the provided relative paths.","Run: chmod +x ifport/gate.sh ifport/cron-monitor.sh ifport/contain-unexpected.sh","Execute ./ifport/gate.sh from the runtime/network path you deploy from.","Read ifport/remediation.md before making firewall, container, provider, or load-balancer changes.","Read ifport/port-runbooks.md for per-port owner questions, immediate checks, hardening actions, and verify commands.","Enable .github/workflows/ifport-gate.yml or include .gitlab-ci.ifport.yml in your pipeline.","Run APPLY=0 ./ifport/contain-unexpected.sh for dry-run containment review; use APPLY=1 only after approval.","Use JSON artifacts under ifport/scan/ for evidence, tickets, and post-incident review.","Commit ifport/policy.json when this result is the intended exposure baseline for the same request path.","Use the incident template when /gate returns non-200 or 
verdict=warn|fail."],"gate_now_url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep","gate_baseline_url":"https://ifport.io/gate?profile=default&policy=strict&speed=deep"},"support":{"monthly_target_usd":15,"monthly_covered_usd":0,"monthly_gap_usd":15,"coverage_ratio":0.0,"reason_to_support":"IfPort is meant to stay free at the moment of need: one request, one defensive answer, no account wall. Last 24h: 113 scans for 80 unique source IPs; this runtime has produced 56 action-required decisions. Donations fund uptime, abuse controls, stronger attribution, signed-evidence verification, and the public exposure commons.","sponsor_proof":{"total_scans_observed":228,"action_required_scans":56,"scans_with_unexpected_open_ports":0,"unexpected_open_ports_total":0,"nearest_unlock_id":"edge_trust_hardening","nearest_unlock_gap_usd":15,"nearest_unlock_outcome":"A cleaner answer to the question: did IfPort scan my real public path or a proxy/VPN/sandbox hop?","contribution_examples":["3 supporters at $5/mo close a $15/mo gap.","2 supporters at $10/mo close a $15/mo gap.","1 sponsor at $25/mo closes a $15/mo gap."]},"donate_url":"https://ifport.io/donate","donate_links":[],"support_tiers":[{"id":"half_coffee","amount_usd":2,"label":"Keep the result free","impact":"Keeps one-request exposure checks free for the next operator who needs a quick answer."},{"id":"hosting_helper","amount_usd":5,"label":"Fund the public endpoint","impact":"Offsets hosting, TLS, and bandwidth so the public scanner stays available without accounts."},{"id":"kept_scanner_alive","amount_usd":10,"label":"Make scans dependable","impact":"Funds worker capacity, monitoring, and retries that reduce partial or uncertain results."},{"id":"sponsor","amount_usd":25,"label":"Unlock operator value","impact":"Moves roadmap items such as edge-trust hardening, signed-evidence verification, and automation kits."},{"id":"company_supporter","amount_usd":50,"label":"Company Supporter","impact":"Keeps a 
defensive utility available for teams that use it in release and incident workflows."},{"id":"infra_sponsor","amount_usd":100,"label":"Infrastructure Sponsor","impact":"Accelerates HAProxy attribution hardening, queue/database resilience, and public reliability evidence."},{"id":"agent_tooling_sponsor","amount_usd":250,"label":"Agent Tooling Sponsor","impact":"Funds deeper automation for AI-agent runtimes, CI gates, and remediation bundles."}],"gap_closure_examples":["3 supporters at $5/month close the current $15/month gap.","2 supporters at $10/month close the current $15/month gap.","1 sponsor at $25/month closes the current $15/month gap."],"next_support_action":"Current gap is $15/month. The fastest closure is 3 x $5/month supporters.","impact_last_24h":{"scan_count":113,"unique_source_ips":80,"completion_ratio":1.0,"partial_ratio":0.0}},"limitations":["This result describes the public IP that made the request.","The result may not describe the end-user's local machine if the request passed through NAT, VPN, proxy, cloud runtime, CI/CD runner, or LLM sandbox.","Service names are inferred from common port mappings unless explicit service detection is enabled.","An open port does not automatically mean the service is vulnerable.","A closed or filtered port may be affected by firewall rules, network routing, or scan timeout."],"links":{"mission":"https://ifport.io/mission","one_shot":"https://ifport.io/one-shot","action_plan":"https://ifport.io/action-plan","incident_bundle":"https://ifport.io/incident-bundle","automation_pack":"https://ifport.io/automation-pack","automation_pack_archive":"https://ifport.io/automation-pack.tar.gz","trust":"https://ifport.io/trust","support":"https://ifport.io/support"}}