Port Scanner
Check which ports are open on your domain or server. Scans the top 100 common ports. Domain ownership verification required.
Open ports expose your server to attacks
Stay protected online with NordVPN — encrypt your traffic and hide your ports.
Sponsored · Affiliate link
You must verify domain ownership before scanning. Enter your domain to see instructions.
How to Use the Port Scanner
1. Enter your domain name (you must own this domain)
2. If this is your first scan, you will be asked to verify ownership by adding a DNS TXT record
3. Add the TXT record shown to your DNS provider, wait 30-60 seconds, then click Scan again
4. The scanner checks the top 100 most common ports in parallel
5. Results show which ports are open, filtered (blocked by firewall), or closed
6. Open ports show the service name if recognised (e.g. HTTP, HTTPS, SSH)
Frequently Asked Questions
Why do I need to verify domain ownership?
Port scanning without permission is illegal in many jurisdictions and can be considered hostile network activity. By requiring you to add a DNS TXT record, we confirm you have administrative access to the domain before scanning it. This protects both you and the targets of any scan.
What is the difference between open, closed and filtered?
Open means a service is actively listening on that port and accepting connections. Closed means no service is listening but the port is reachable — the server responded with a rejection. Filtered means a firewall is blocking the port and no response was received within the timeout period.
Why are most ports showing as filtered?
A firewall (like UFW, iptables, or a cloud provider security group) is blocking those ports. This is good security practice — you should only expose ports that are necessary for your services. Filtered ports cannot be connected to from the internet.
Is it safe to have port 22 (SSH) open?
Port 22 is SSH and is commonly left open for server administration. It is safe as long as you use key-based authentication (not passwords), have fail2ban installed to block brute force attempts, and keep your SSH software updated. Consider moving SSH to a non-standard port for additional obscurity.
What ports should I close on a web server?
A typical web server should only have ports 80 (HTTP), 443 (HTTPS) and 22 (SSH) open to the internet. Database ports like 3306 (MySQL), 5432 (PostgreSQL), 6379 (Redis) and 27017 (MongoDB) should never be exposed publicly — they should only be accessible within your private network.