Safe exposed-service scan

Online Port Scanner and Exposure Check

Check whether common ports are open before trusting a server, proxy, or account environment. The first version uses an allowlist of common ports and external probe nodes.

Check IP risk first Run network probe

Live check entry

Scan common exposed ports

Enter an IP, domain, or URL and choose allowed common ports such as SSH, HTTPS, SOCKS proxy, HTTP proxy, RDP, and alternate web ports.

22 SSH80 HTTP443 HTTPS1080 SOCKS3128 Proxy3389 RDP

Click to check the public IP, ASN, location, and basic risk signals visible to this page.

Public IP --

Location --

ASN / ISP --

Risk --

Check IP risk first

Example ping123 result screenshot

The screenshot below uses the designated sample IP 89.116.88.34, not a current visitor IP. Use it as a visual reference for the fields explained on this page.

ping123 exposed service diagnostic interface. — Open proxy, SSH, or RDP ports can change how a server or IP range is perceived.

What the scanner should and should not do

The scanner is intentionally limited to a common-port allowlist. It is meant for quick exposure checks, not broad vulnerability scanning.

External nodes perform the TCP checks. The Worker validates input, signs requests, and returns either scan results or a clear not-configured state.

What the result fields mean

Target IP, domain, or URL to scan.

Port Allowlisted service port.

Status Open, closed, filtered, or unavailable.

Service Expected common service name.

Node External scan location.

Warning Missing node, missing HMAC secret, or invalid port.

Normal signals vs. risk signals

Usually normal

Only expected web ports are open.
Proxy and RDP ports are closed unless intentionally exposed.
All locations agree on the same exposed services.
Unexpected ports are fixed before account or production use.

Needs attention

1080 or 3128 is open on an IP meant to look like a normal user exit.
3389 RDP is exposed to the public internet.
SSH is open on a server that should not be administered publicly.
External scan nodes are not configured yet.

Next action

Treat exposed ports as part of IP quality

A clean reputation score can still be risky if the IP exposes proxy, RDP, or admin ports that do not match the expected environment.

Run network probe

Fixes and next steps

DNS leak Turn on DNS leak protection in the VPN or proxy client, disable browser Secure DNS if it bypasses the tunnel, set system DNS to the provider's DNS or a trusted encrypted resolver, then rerun the DNS check.

WebRTC leak Limit or disable WebRTC direct candidates, use a browser profile that blocks WebRTC IP exposure, restart the browser, then rerun the WebRTC check before logging in.

Datacenter ASN If the task needs a consumer-looking account environment, switch from a datacenter/VPS ASN to a stable residential, mobile, or dedicated ISP exit and keep the region consistent.

Blacklist or abuse history Do not keep using a high-risk or listed IP for important accounts. Change the IP range or provider, wait for reputation to stabilize, and retest before continuing.

Timezone or language mismatch Align the IP country, system timezone, browser language, account region, and DNS/WebRTC routes so the session tells one consistent location story.

Close public admin ports that are not required.
Restrict SSH or RDP by firewall, VPN, or allowlist.
Avoid using open-proxy exits for account-sensitive work.
Retest after firewall or provider changes.

FAQ

Why only allowlisted ports?

The tool is for safe exposure checks, not broad scanning.

Can Worker scan ports directly?

The production design uses external probe nodes for TCP checks.

What does unavailable mean?

No external scan node is configured or the node could not return a result.

Before you continue

Combine exposure checks with reputation

Port exposure, IP type, abuse history, and platform-fit guidance should be read together before using an IP.

Check IP risk first Run network probe