Which common ports are open
DNS & Records
DNS Lookup Every DNS record for any domain A Record Lookup IPv4 addresses for a domain AAAA Record Lookup IPv6 addresses for a domain MX Lookup Mail servers for a domain NS Lookup Authoritative name servers TXT Lookup TXT records, SPF, verification CNAME Lookup Canonical name (alias) records SOA Lookup Start of Authority record SRV Lookup Service location records CAA Lookup Which CAs may issue certificates Reverse DNS (PTR) IP address to hostname DNSSEC Check Is the domain signed and validated? DNS Health Check A full delegation & DNS report cardEmail Deliverability
SPF Check Validate your Sender Policy Framework record DMARC Check Inspect and grade your DMARC policy DKIM Check Find and validate your DKIM public key Blacklist Check Check an IP against email blocklists (DNSBLs) SMTP Test Connect to a mail server and check STARTTLS MTA-STS Check Enforced TLS policy for inbound mail BIMI Check Brand logo record for email TLS-RPT Check SMTP TLS reporting policyNetwork & Web
SSL Certificate Check Inspect a site's TLS certificate and expiry HTTP Header Check Inspect response headers, redirects and security Ping (TCP) Reachability and latency over TCP Port Check Which common ports are openDomain
WHOIS Lookup Registration data for domains, IPs and ASNsA port check tests whether specific TCP ports on a host are accepting connections. This port check tests connectivity to a fixed list of well-known TCP ports — web, mail, SSH, databases and more — and reports which are open. The port list is fixed and private addresses are blocked, so it cannot be used to scan internal networks.
A port is a numbered endpoint a server uses to separate different services on one IP address. The check attempts a TCP connection to each port in its list and watches the result: if the handshake completes, the port is open and a service is listening; if the connection is refused or times out, it is reported as closed or filtered. IPeek tests a fixed set of well-known ports such as 80 and 443 for web, 22 for SSH, 25 for mail and 3306 for MySQL, so you see which standard services a host exposes.
An open port completed the TCP handshake, meaning a service is actively listening and reachable. A closed port refused the connection: the host answered, but nothing is listening there. A filtered port gave no answer at all, usually because a firewall silently dropped the packet, so the check times out without a definitive refusal. The practical difference matters: a closed port tells you the service simply is not running, while a filtered port tells you something is deliberately blocking access before the request ever reaches the service.
Each well-known port maps to a service, so the open list is a quick inventory of what a host runs. 80 and 443 mean a web server; 22 means SSH for remote administration; 25, 465 and 587 relate to email submission and transport; 3306 is MySQL and 5432 is PostgreSQL. Seeing a database port open to the public internet is usually a red flag, since databases should sit behind a firewall. Use the results to confirm the services you expect are reachable and to spot anything exposed that should not be.
This check is deliberately limited so it cannot be misused for reconnaissance. The port list is fixed rather than user-chosen, so you cannot sweep arbitrary ranges, and requests to private and reserved address ranges are blocked outright. That means you cannot point it at internal hosts like 192.168.x.x or 10.x.x.x to map a network you do not control. The tool answers a narrow, legitimate question — which standard public services is this host exposing — without becoming a general-purpose network scanner.
An open port means a service is actively listening on it and accepted a TCP connection. For example, an open port 443 means a web server is reachable over HTTPS. Open ports are exactly what you want for services meant to be public, but an unexpectedly open port, especially a database or admin port, can signal an exposed service that should be firewalled.
A closed port actively refuses the connection: the host responds, but no service is listening there. A filtered port gives no response at all, because a firewall silently drops the request, so the check times out. Closed means nothing is running; filtered means something is deliberately blocking access before the connection can reach a service.
It checks a fixed list of well-known TCP ports for common services: web (80, 443), SSH (22), mail (25, 465, 587), and databases like MySQL (3306) and PostgreSQL (5432), among others. The list is fixed rather than user-defined, so the tool reports which standard services a host exposes rather than letting you sweep arbitrary port ranges.
No. The tool blocks private and reserved address ranges such as 192.168.x.x and 10.x.x.x, so it cannot reach hosts on an internal network. It is designed to check public-facing hosts only. To audit an internal network you control, run a dedicated scanner like nmap from inside that network, where you have authorization to do so.
Checking whether standard public services respond on a host is generally routine and low-risk, and this tool limits itself to a fixed list of well-known ports on public addresses. It does not perform aggressive or comprehensive scanning. As a courtesy and best practice, only check hosts you own or have permission to test, and use the results to secure your own services.