CSINT Open Source Intelligence

Passive internet check

Internet Check Desk

Read domain, IP, and service traces from Shodan data. Keep evidence separate from interpretation, uncertainty, and safe report language.

Domain / IPEvidence cardsQuery builderTLS tracesFacet dashboard

Domain / IP check

Turn passive traces into report notes.

Enter a domain or IP. Read visible Shodan traces as evidence, interpretation, uncertainty, and a safe recommendation.

Input

Public limit: 12 live lookups per minute through the proxy. Results are visibility notes, not final proof.

Passive summary

ornek-kurum.test

Demo data - not a real-time Shodan result.

Demo dataMay 15, 2026, 08:00 PM

IP

203.0.113.42

ASN

AS64500

Organization

Ornek Kurum Test Agi

Country

Turkey

Visible ports

80, 443, 25

Hostnames

portal.ornek-kurum.test, mail.ornek-kurum.test

Services

3 traces

Last update

May 12, 2026, 12:30 PM

Service traces

Ports, products, TLS, HTTP, and hostnames.

443/tcp

nginx 1.24.x

visible trace

Hostname: portal.ornek-kurum.test

HTTP: Portal - nginx

TLS: TLSv1.2, TLSv1.3

Observed: May 12, 2026, 12:30 PM

80/tcp

nginx

visible trace

Hostname: portal.ornek-kurum.test

HTTP: Redirect - nginx

TLS: Not visible

Observed: May 12, 2026, 12:28 PM

25/tcp

Postfix 3.x

visible trace

Hostname: mail.ornek-kurum.test

HTTP: Not visible

TLS: Not visible

Observed: May 12, 2026, 01:14 AM

Evidence cards

Finding, evidence, interpretation, uncertainty, and report language.

Finding

ornek-kurum.test has passive internet visibility in Shodan data.

Source

Shodan host/domain data

Evidence

IP: 203.0.113.42 - ASN: AS64500 - Org: Ornek Kurum Test Agi - Country: Turkey - Ports: 80, 443, 25

Interpretation

These records summarize what Shodan observed. They do not prove ownership, current reachability, or risk by themselves.

Uncertainty

The data depends on Shodan observation time. Services may have changed, closed, or moved.

Safe recommendation

Compare with the authorized asset inventory and review unexpected services with the service owner.

Report sentence

Shodan data shows visible service traces for ornek-kurum.test; this should be treated as passive visibility and checked against the authorized inventory.

Finding

nginx 1.24.x is visible on 443/tcp.

Source

Shodan service banner data

Evidence

Port: 443/tcp - Observed: May 12, 2026, 12:30 PM - Hostname: portal.ornek-kurum.test - TLS: TLSv1.2 - Title: Portal

Interpretation

This shows a visible service trace at Shodan observation time. Product or version data is not vulnerability proof.

Uncertainty

Banner data can be old, incomplete, or misleading. Live state and ownership require separate authorized checks.

Safe recommendation

Match the service with inventory, review unexpected exposure, and avoid unauthorized testing.

Report sentence

Shodan data shows nginx 1.24.x on 443/tcp; write this as a visible configuration trace, not as a confirmed vulnerability.

Finding

nginx is visible on 80/tcp.

Source

Shodan service banner data

Evidence

Port: 80/tcp - Observed: May 12, 2026, 12:28 PM - Hostname: portal.ornek-kurum.test - Title: Redirect

Interpretation

This shows a visible service trace at Shodan observation time. Product or version data is not vulnerability proof.

Uncertainty

Banner data can be old, incomplete, or misleading. Live state and ownership require separate authorized checks.

Safe recommendation

Match the service with inventory, review unexpected exposure, and avoid unauthorized testing.

Report sentence

Shodan data shows nginx on 80/tcp; write this as a visible configuration trace, not as a confirmed vulnerability.

Finding

Postfix 3.x is visible on 25/tcp.

Source

Shodan service banner data

Evidence

Port: 25/tcp - Observed: May 12, 2026, 01:14 AM - Hostname: mail.ornek-kurum.test

Interpretation

This shows a visible service trace at Shodan observation time. Product or version data is not vulnerability proof.

Uncertainty

Banner data can be old, incomplete, or misleading. Live state and ownership require separate authorized checks.

Safe recommendation

Match the service with inventory, review unexpected exposure, and avoid unauthorized testing.

Report sentence

Shodan data shows Postfix 3.x on 25/tcp; write this as a visible configuration trace, not as a confirmed vulnerability.

Query builder

Build defensive Shodan queries.

Use these only for owned assets, authorized inventory, training, or high-level trend checks.

hostname:portal.example.org

What it shows

Service banners associated with a specific hostname.

What it does not show

Ownership, authorization, or current reachability.

When to use it

Checking owned or authorized hostnames.

How to write it

Shodan hostname results were reviewed as passive visibility traces.

Turkey exposure dashboard

Trend view, not a target list.

This section reads Shodan facet statistics as visibility trends. It does not list individual targets.

Demo data128,940 recordsMay 15, 2026, 08:00 PM

Demo data - not a real-time Shodan result.

Common ports

44342,120
8038,440
2219,810
259,120

Service products

nginx21,210
Apache httpd17,780
OpenSSH15,140
Microsoft IIS8,430

TLS versions

TLSv1.327,100
TLSv1.224,820
TLSv1940

Cloud providers

Amazon15,920
Cloudflare14,110
Google6,220
Microsoft5,890

Markdown output

Copy a careful report note.

The wording avoids vulnerability-confirmed language and keeps passive visibility separate from interpretation.