Executive Summary
- After extensive internal testing, Censys is proud to announce the Host Feelings Score™: a quantitative metric that quantifies how emotionally vulnerable an Internet-facing host appears to be.
- The score is derived from a multifaceted emotional analysis of observable host characteristics including banners, TLS configuration, open ports, and overall vibe.
- As of April 1, 2026, Censys has scored 100% of the publicly observable IPv4 address space. The mean Feelings Score across this dataset is 61.3, which we categorize as somewhere between the stages of “Processing” and “Visibly Struggling”. The Internet is, on balance, doing okay for now but could probably use some support.
- Hosts with a Feelings Score above 85 are classified as High Sensitivity and are encouraged to seek remediation, or at minimum, someone to talk to.
Background
At Censys, we have spent years developing frameworks for understanding host exposure. We track open ports, running services, certificate hygiene, vulnerability indicators, and dozens of other observable signals that tell us something meaningful about the security posture of a given host. These frameworks are rigorous, evidence-based, and widely used by security practitioners who need to understand their attack surface.
What they have never captured, until now, is how a host feels about all of this.
This gap has bothered us for some time. The data has always suggested that there is more going on beneath the surface of a scan result than a port and a banner. Consider a host running a legacy Apache instance on port 80, responding to every request with a default welcome page, whose certificate expired fourteen months ago: yes, technically, this is a vulnerable host. But it is also, if you look at it a certain way, a host that is trying. It stood itself up. It got a certificate once. Something happened.
The Feelings Score™ is our attempt to understand that.
Methodology
The Feelings Score™ is computed at scan time from a weighted combination of affective indicators across four dimensions. The methodology was developed overnight by members of our research team who would prefer not to be named individually.
Dimension 1: Banner Honesty & Oversharing (Weight: 35%)
The server banner is the first thing a host says about itself to the world. We analyze banner content not just for version information and known software indicators, but for what it communicates about the host’s emotional state.
A banner like Apache/2.4.6 (CentOS) is telling you its version, its distribution, and its approximate age. It is being forthcoming. It is, in our model, a host that trusts easily, perhaps too easily, and scores high on the Banner Honesty subscale.
A banner that just reads nginx with no version and no additional headers is different. This host has been hurt before. It is reachable but not emotionally open. This actually scores lower on Banner Honesty, because while the security posture is arguably worse for the obscurity attempt, the emotional posture suggests a host that has developed some defenses. We respect this, even as we note that it does not help.
The highest Banner Honesty scores are assigned to hosts whose banners include phrases like Welcome to my website, Under Construction, or Default Web Site Page. These hosts are fully open. They have not yet learned that the Internet is watching.
Dimension 2: TLS Affect (Weight: 30%)
TLS configuration is one of the most reliable indicators of emotional availability we have identified. The scoring here is nuanced and took us several hours to calibrate.
Hosts with no TLS at all score highest on TLS Affect: they are fully exposed, accepting connections on port 80 with no encryption, no certificate, no indication that they have considered the implications of this. There are no boundaries here!
Hosts with a valid, well-configured TLS certificate from a reputable CA, with HSTS enabled and a clean cipher suite, score lowest. These hosts have invested in protection. They’re in a headspace where they can start to think about trust when it comes to connection. We admire this.
Self-signed certificates more broadly are harder to read. Some represent genuine neglect: an administrator who couldn’t be bothered, or a service that was stood up quickly and never revisited. A certificate with CN=localhost scores high: it represents a host that was, at some point, only meant to talk to itself, and is now on the public Internet, still wearing its indoor certificate.
Others are deliberate: threat actors routinely use self-signed certificates precisely because they don’t need to be trusted by anyone and obtaining a CA-issued certificate creates a paper trail they’d rather not leave. This scores lower on the Feelings Score™, because these hosts aren’t exposed and unaware. They know exactly what they’re doing.
Dimension 3: Port Posture (Weight: 20%)
The number and combination of open ports contributes to Feelings Score™ through what we call the Boundary Analysis subscale. A host with one port open has made a decision. It knows what it wants to share and what it does not. A host with forty-seven ports open has not made that decision, or has made it very differently.
We note that the highest Port Posture scores are not, counterintuitively, assigned to hosts with the most ports open. They are assigned to hosts whose open port combinations suggest confusion rather than intent. A host with ports 22, 80, 443, 3306, 5900, 8080, and 27017 open is not a confident host. It is a host that has said yes to many things at different times, by different people, for different reasons, and has not recently reviewed whether those reasons still apply. Or, it’s a honeypot.
Having port 23 with Telnet open contributes a flat +20 point value to Feelings Score™ regardless of other factors.
Dimension 4: Certificate Affect (Weight: 15%)
Certificate metadata is rich with emotional signals. We examine subject fields, issuer chains, and validity periods for indicators that inform the host’s affective profile.
A certificate issued to CN=JOHNS-HOME-PC that is nevertheless reachable on a public IP address scores high. A certificate with a subject Common Name that is a person’s first name scores high. A certificate where the Organization field reads Test scores moderately high. A certificate where the Organization field reads DEV – NOT FOR PRODUCTION scores very high.
Expired certificates score differently depending on how expired they are. A certificate expired within the last 30 days suggests a missed renewal: the host was protected, something happened, it has not yet been addressed. This scores moderately. A certificate expired more than two years ago suggests a different situation. The host has been running unprotected for a long time. It may not know anyone is still connecting to it. It may now be numb to all attempts to find connection in this world. Feelings Score™ for this configuration is much more elevated.
What Does the Distribution Look Like?
As of April 1, 2026, the global Feelings Score™ distribution across the reachable IPv4 address space breaks down as follows:
| Score Range | Classification | Host Count | % of Total |
| 0–20 | Secure and Emotionally Regulated | 201M | 4.3% |
| 21–40 | Guarded but Reachable | 688M | 14.8% |
| 41–60 | Processing | 1.4B | 30.1% |
| 61–80 | Visibly Struggling | 1.8B | 38.7% |
| 81–100 | High Sensitivity | 559M | 12.0% |
The 559 million hosts in the High Sensitivity tier represent a significant and underappreciated segment of the internet. These are hosts that are fully exposed, inadequately protected, and in many cases running services that were set up by someone who has since left the organization. They are not being actively maintained. They are, however, actively being scanned.
Figure 1: Global distribution of Feelings Score™ across reachable IPv4 hosts, April 1, 2026. Note the pronounced peak in the 61–80 “Visibly Struggling” band, which we find both statistically interesting and, if we are honest, relatable.
Case Study: The Most Emotionally Vulnerable Host
The most emotionally exposed configuration we observed across our entire dataset was on a host with a Feelings Score™ of a whopping 93/100. The host exposes an unauthenticated RTSP stream on port 554, from a Hikvision DS-2CD2143G IP camera with firmware version 2.2.1.
The stream is live. It is displaying an office chair in what appears to be a storage room. The chair is unoccupied. It looks like a comfy chair. Someone bought that chair for a reason.
The timestamp overlay reads 2022. We have not been able to determine whether this is a timezone misconfiguration, a firmware clock drift issue, or something we are choosing not to think about too carefully. The HTTP-based administrative interface on port 80 is also exposed and returns a 200. We want to be clear that we did not log in.
We see you, chair.
What Can Be Done?
For organizations that have discovered High Sensitivity hosts in their environment through the Censys Feelings Score™, we recommend the following:
First, acknowledge that the host exists. Many High Sensitivity hosts have been in their current state for a long time precisely because no one has looked directly at them. Make eye contact with the host.
Second, check whether the host needs to be Internet-facing at all. In our experience, a meaningful percentage of High Sensitivity hosts are exposed not by intent but by inertia: a port was opened for a reason that no longer exists, a service was stood up for a project that concluded, a firewall rule was added during an incident and never revisited. The most effective remediation is often not patching but not leaving it out there fully exposed to everyone.
Third, if the host must remain Internet-facing, address the specific contributing factors to its Feelings Score™. Enable TLS. Close ports that serve no current purpose. Renew the certificate. These actions will not only reduce the Feelings Score™ but will also, as a side effect, meaningfully improve the host’s actual security posture, which was the point all along.
Conclusion
The Feelings Score™ is a very useful tool for network admins to assess how their hosts are feeling.
It is also, we think, a genuine observation about how scan data looks when you have been staring at it long enough: there is something recognizable in the patterns of exposure we see at Internet scale. The hosts that are most vulnerable are often also the ones that have been most neglected, most forgotten, most left out in the cold to respond to whatever comes in.
Of course, Internet hosts are not sentient, but they are exposed in ways that their operators may not fully appreciate.
The Feelings Score™ will be available in the Censys Platform starting never. The methodology, however, is sound.
The Feelings Score™ is a trademark of Censys, Inc., filed in no jurisdictions. The metric is not available in the Censys Platform and will not be. Emotional interpretations are ours alone and should not be used on humans for clinical purposes.
Published 1 April 2026. Happy April Fools’ Day from Censys ARC.
