Software Development

Web applications, mobile, e-commerce and custom software projects.

ReactNode.jsMobile

SEO & Optimization

Organic traffic growth, technical SEO, content strategy and analytics.

Technical SEOContentAnalytics

API & Integration

REST API, webhook infrastructure, payment and shipping integrations.

REST APIWebhookOAuth
View all services Get free consultation

Web Hosting

cPanel management panel, SSD storage, free SSL certificate

Get a Quote

VPS Server

NVMe SSD, full root access, DDoS protection included

Get a Quote
Popular

Dedicated Server

Fully dedicated physical server, unlimited traffic

Get a Quote

Domain & SSL

Domain registration, transfer and Wildcard SSL certificates

Get a Quote

Why KEYDAL?

  • 99.9% uptime guarantee
  • Istanbul data center
  • 24/7 support
  • Free migration service
Get a quote

Projelerimiz

kSvSecurity, kAI, kMusic ve daha fazlası.

About Us

Meet KEYDAL. Our vision, team and journey.

Contact

Tell us about your project, get a custom quote.
Contracts
Privacy Policy Terms of Service SLA Agreement Data Protection Notice Cookie Policy
01 Home
Software Development SEO & Optimization API & Integration
Web Hosting VPS Server Dedicated Server Domain & SSL
04 KEYDAL Projects 05 Tools 06 Blog
About Us Contact Contracts
Get a Quote
Blog / guvenlik

BTK Lookup Guide: Website Access Blocks, Line and Operator Queries in Turkey

pillar 26 min read May 2, 2026
Founder of KEYDAL · Full-stack developer

Anyone in Turkey who wants to find out whether a domain has been blocked from access, which carrier a GSM number is currently tied to, or which autonomous system an IP address belongs to will eventually run into the BTK lookup ecosystem. The Information and Communication Technologies Authority is an independent administrative body that regulates a broad area spanning telecommunications and internet content moderation, and it offers a series of official lookup services to end users and infrastructure operators alike.

This guide brings together every scattered lookup channel — from website access block query pages to the number portability database, from the USOM malicious URL list to the application screens on e-Devlet — into a single reference. Which query answers which question, what legal basis and technical infrastructure run behind the scenes, and what concrete steps a system administrator should follow to actually confirm a blocked domain — we cover all of it with hands-on commands and screen flows.

Related guides: Domain lookup tools · DNS settings guide · HTTPS and TLS 1.3 · OWASP Top 10 2026 · DDoS protection guide

The Information and Communication Technologies Authority is an independent administrative body that took its current name and expanded mandate with Law No. 5809 on Electronic Communications, published in 2008. Reporting to the Presidency within Turkey's administrative structure and governed by a 7-member board, it used to be associated with the older Telecommunications Authority and its more advanced content monitoring arm, the Telecommunications Communications Directorate (TİB). When TİB was shut down in 2016 by Decree-Law No. 671, a significant portion of its powers was transferred directly to BTK's senior councils; the colloquial expressions tib kontrol and tib kt, still used today, in practice correspond to today's BTK Access Providers Association processes.

The authority's mandate rests on four main pillars: electronic communications (fixed and mobile telephony, internet access, cable broadcasting), spectrum management (frequency allocation, GSM licensing), consumer rights, and finally internet content regulation. The legal backbone of this last pillar is Law No. 5651, dating from 2007. It defines four actors — content provider, hosting provider, access provider, and mass-use provider — and sets out, article by article, the conditions under which each can be held liable.

Access blocking decisions come from three different sources. Court decisions are issued following individual applications or requests from the Office of the Public Prosecutor. Administrative measure decisions can be issued directly by the BTK President when one of the catalog offenses listed in Articles 8 and 8/A of Law 5651 is at stake (child abuse, incitement to suicide, public health, national security, etc.). The third type is the 24-hour emergency measure issued under Article 9/A in cases involving privacy violations. The enforcement of these decisions is distributed to all internet service providers through the Access Providers Association (ESB).

Site Lookup: Determining Whether a Domain Is Blocked

In practice, the most common need is this: a user can't reach a site and wants to figure out whether it's a technical glitch, an ISP DNS cache issue, or an actual access block. To answer this question definitively, four different official channels can be consulted in turn: BTK Sitesorgu, the e-Devlet Access Block Lookup, the ESB Access Block search page, and the Güvenli Net portal.

None of these surfaces show identical data. Some decisions, even when issued by a court, may exclude publication of the ruling itself; others, applied as administrative measures, are issued without publishing the rationale. That's why cross-checking through multiple channels is a fundamental rule of journalistic and legal practice.

BTK Sitesorgu — internet.btk.gov.tr/sitesorgu

This is an openly accessible query page running on the authority's official subdomain internet.btk.gov.tr/sitesorgu. You enter a domain name or an IPv4 address; in the background, public WHOIS, RDAP, and reverse DNS records are queried, after which the page lists whether the domain or IP falls under an active access block decision. The authority explicitly states that the information is compiled from publicly available sources and therefore its accuracy is not guaranteed — meaning the output alone does not carry sufficient legal evidentiary weight.

A typical sitesorgu output contains three sections: a WHOIS summary (registrant, registration date, name servers), IP/location data (autonomous system, country code), and decision status (no block / access blocked under existing decision). When this last line appears, it means the domain is covered by an active decision delivered to ISPs through ESB.

Access Block Lookup via e-Devlet

turkiye.gov.tr/esb-web-sitesi-erisim-engeli-sorgulama is a closed service that requires e-Devlet identity verification. After signing in with your Turkish ID number and e-Devlet password, mobile signature, e-signature, smart card, or internet banking, you can query a domain. Unlike BTK sitesorgu, the result returned here includes the decision's number, date, and the issuing authority; from the same session you can move on to the Application to Object to an Access Block Decision service.

Information about which site has been blocked under what rationale is, by law, confidential in administrative measure decisions. For this reason, even an e-Devlet query may return only a generic statement such as access blocked due to a catalog offense; for the detailed rationale, the case must be taken to the Magistrates' Court at the objection stage.

Verification from the Command Line

As a system administrator, confirming the output of official query pages requires independent checks at the DNS, HTTP, and TLS layers. If a domain is blocked, the typical pattern on Turkish ISPs is that the DNS response is tampered with, an SNI-based RST is sent, or the connection is dropped via TCP RESET. The commands below help you separate these three layers.

If three different resolvers return different IPs, either CDN geo-routing is in play or there's interference at the DNS layer. In Turkey's typical DNS-based blocking, all records are redirected to BTK's warning page at addresses like 195.175.254.2. With SNI-based blocking, DNS returns the correct response but the TCP handshake is cut off with an RST during the TLS ClientHello step; this is easy to spot when inspected with Wireshark. For more detailed DNS analysis, see our DNS settings and changing them guide.

Law No. 5651, the Law on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications, has been amended at least ten times since it took effect in 2007. The legal basis for access blocking is concentrated in Articles 8, 8/A, and 9. Article 8 defines catalog offenses (sexual abuse of children, obscenity, incitement to suicide, gambling, crimes against Atatürk, and so on). Article 8/A authorizes the BTK President to take measures within 4 hours upon request from the President or a designated ministry on grounds of national security and public order.

Articles 9 and 9/A apply to violations of personal rights or privacy; in both, decisions are made by Magistrates' Courts of Peace, and under 9/A, BTK must apply a precautionary block within 24 hours and submit it for judicial approval within another 24 hours at most. Without that approval, the decision lapses automatically.

All decisions issued under this law are enforced through the Access Providers Association. ESB, established by statute through the 2014 amendment, is a private legal entity with mandatory membership; every internet service provider is a member. Once decisions reach ESB, ISPs must enforce them technically within 4 hours. Sites covered by a decision then become visible on access block lookup portals.

The Difference Between Administrative Blocking and Court Decisions

In user practice, distinguishing between the two types of blocking matters because the objection procedures differ. For a block based on a court decision, you have 7 days to object before the relevant Magistrates' Court. For administrative measures, you have 30 days to file an objection with the duty Magistrates' Court of Peace in Ankara; as an exception, decisions under Article 9/A require approval from the Magistrates' Court of Peace.

  • Court decision: The decree shows who blocked the content, when, and on what grounds; more transparent than administrative measures.
  • Administrative measure: The rationale of decisions issued under 8/A is confidential; only the catalog offense ground is shown.
  • Emergency 9/A decision: A 24-hour interim measure; it lapses automatically if no judicial approval follows.
  • URL-based blocking: Possible after the 2014 amendment — instead of the entire site, only the offending URL can be blocked.
  • Content removal: Instead of access blocking, the content provider may be asked to remove the content within 24 hours.

You can tell which article applies from the decision number returned by the e-Devlet query: in BTK's internal numbering, identifiers prefixed with 490. point to Article 8/A files, while those prefixed with 491. point to Article 9 objection files; this coding can change from period to period.

USOM Malicious URL List: A Data Stream Independent of BTK

USOM (the National Cyber Incident Response Center), Turkey's national CERT, was established within BTK in 2014. It coordinates all sectoral SOMEs (Cyber Incident Response Teams) operating in Turkey and publishes a publicly accessible malicious URL list at usom.gov.tr/adres. This list is different from access blocks under Law 5651: rather than a legal ban, it's a threat intelligence feed against malicious URLs.

The list contains phishing domains, malware C2 servers, sites distributing crypto miners, fake e-Devlet pages, and fraud campaigns. It is published in TXT, RSS, and API formats; banks, public agencies, and large ISPs auto-subscribe to it in their DNS firewalls and block malicious traffic at the source. As a system administrator, the USOM list serves as the most up-to-date reference for a significant share of the threats we cover in OWASP Top 10 2026.

The USOM list is updated multiple times a day; in production systems it's common practice to fetch it via cron job at 1-6 hour intervals. To request removal of a domain from the list, reach out to iletisim@usom.gov.tr; you may be asked to provide a cleanup report for the URL (for example, a clean result from Sucuri SiteCheck or Google Safe Browsing).

Güvenli Net and Family Profiles: The Consumer Side

BTK's Güvenli Net service for individual users is a DNS filtering service with three profiles — Child, Family, and Standard. It runs on the infrastructure of Access Providers Association members; subscription is free. The Child profile uses a whitelist approach, allowing only domains that have been approved by the authority; the Family profile is blacklist-based; and the Standard profile only blocks sites that fall under Law 5651.

This service is a filtering layer independent of Law 5651 access blocks. That is, when you subscribe to a profile other than Standard, your access may be cut off because the site is on Güvenli Net's internal list, even without a BTK decision. The user query page guvenlinet.org.tr/sorgula shows under which profile a domain is blocked.

BTK Operator Lookup: Which Carrier Owns the Number?

With Mobile Number Portability (MNP) coming into effect in Turkey in 2008, a GSM number can switch carriers, so identifying its real operator from the prefix is no longer reliable. A number starting with the 0531 Turkcell prefix may have been ported to Türk Telekom Mobile or Vodafone. That's why the need for BTK operator lookup shows up daily for end users and SMS-sending organizations alike.

Official lookups happen through three channels: BTK Number Portability Lookup on e-Devlet, the NTS Türkiye database (nts.gov.tr), and operators' subscriber services directly. The e-Devlet query requires login with a Turkish ID number; it returns the current operator of a phone number and its last porting date.

NTS Türkiye Database

NTS (Number Portability System) is a central database operated with shared funding from GSM operators. All porting transactions reflect into NTS within 24 hours. SMS, call routing, and roaming scenarios between operators are resolved by querying this central database. For this reason, organizations using SMS APIs save money on misrouted-delivery fees by performing an NTS query before every send.

Direct access to the NTS API is open only to licensed operators and large SMS gateways; smaller organizations typically obtain this service through intermediary SMS providers. The cost per query ranges from roughly ₺0.003-0.02 (around $0.0001-0.0007 USD; approximate, varies by provider, 2026 figures).

BTK Line Lookup

In practice the phrase BTK line lookup points to two different scenarios: first, querying via e-Devlet which person owns a GSM line (all lines registered to that user), and second, BTK fixed-line lookup, which identifies the operator providing the infrastructure of a fixed telephone line. The first requires identity verification, the second is used for infrastructure checks.

The Mobile Line Lookup service on e-Devlet lists all active and passive GSM lines registered under a person's Turkish ID number. This feature is a critical tool for personal data protection: if someone has fraudulently opened a line using your identity, you can detect it through this query and submit an Unauthorized Line Notification through the same portal.

BTK Infrastructure Lookup: What Speed Should You Expect?

The BTK infrastructure lookup service shows the available DSL, fiber, and cable internet infrastructure types and the maximum speed cap for an address. Turkey's main infrastructure owners are Türk Telekom (FTTC/FTTH/VDSL/ADSL), TurkNet (in regions where it has laid its own fiber), Superonline (on its own GPON), and KabloNet. More than one infrastructure type may exist at the same address; checking before signing a contract is essential.

  • FTTH (Fiber to the Home): Fiber all the way to the home. Typical speeds 100 Mbps - 10 Gbps. Latency 1-5 ms. Recommended for gaming and VoIP, where the lowest latency matters.
  • FTTC + VDSL2: Fiber to the street cabinet, copper for the last meters into the home. Typically 25-100 Mbps. Up to 200 Mbps with vectoring.
  • ADSL2+: All copper. 4-24 Mbps; degrades with distance. No new lines are being provisioned, but legacy lines remain in service.
  • GPON (Passive Optical Network): A single fiber is shared between 32-128 subscribers. Down/up ratios may be asymmetric.
  • DOCSIS 3.1 cable: Cable TV infrastructure. 100-1000 Mbps; sensitive to congestion on the same node.

BTK's infrastructure map at kapsamasiteknolojikibilgi.btk.gov.tr shows these options for a given home or business address. The same page hosts an internet speed test link; the measurement reference points are physically located in Turkey, so they alone don't reflect access to overseas CDNs. For a deeper analysis of page speed and real user performance, see our Core Web Vitals 2026 article.

BTK Registration Lookup: IMEI and Device Records

Under the heading of BTK registration lookup, the most common need is checking IMEI registration status. Every mobile phone brought into Turkey must be registered with BTK; otherwise it is cut off from GSM networks after 120 days. The relevant services on e-Devlet are:

  • IMEI Lookup: Returns whether a 15-digit IMEI is registered in Turkey.
  • IMEI-MSISDN Pairing: Whether the phone has been paired with the first number it was used with (the 120-day rule for foreign IMEIs starts from this step).
  • My Registered Devices: Lists all device IMEIs registered to a Turkish ID.
  • My Registration Allowance: The remaining annual IMEI registration quota (one separate device per calendar year).
  • Lost/Stolen Notification: The IMEI goes onto the blacklist and is rejected on all GSM networks.

The technical infrastructure for IMEI lookups is built on GSMA's CEIR (Central Equipment Identity Register) standard. Turkey's CEIR implementation runs as the Mobile Device Registration System (MCKS) and is also synchronized with GSMA. Attempts to swap or clone IMEIs from abroad are caught by automatic flagging when a single MSISDN is detected with two different IMEIs.

BTK Banned Sites List: Transparency and Limits

There is no consolidated, official list under the heading of btk banned sites or btk ban list that many users search for. The blacklist published by ESB is not public; only individual domain-by-domain queries are possible. This is a deliberate trade-off built into the law's transparency-confidentiality balance: by the very nature of administrative measure decisions, publishing the list could compromise ongoing investigations.

Independent academic and civil society work (for example the EngelliWeb report from the Freedom of Expression Association) publishes annual cumulative figures; as of the end of 2024, the total number of access blocks originating in Turkey has been reported to exceed 1 million. Official BTK figures are periodically published in the Official Gazette and in the authority's annual activity reports.

BTK Reporting and Complaint Processes

Requests for content removal or access blocking are submitted through two channels. For violations of individual personality rights, the İhbar Web portal is used; the applicant must attach a signed petition with their Turkish ID, screenshots of the offending URLs, and the legal grounds.

For complaints related to the quality of telecommunications services (billing disputes, coverage, line transfers), the BTK Consumer Complaint System is used. This was established to monitor service-level agreements that operators must comply with, and administrative fines may be imposed for breaches.

Full List of BTK Services on e-Devlet

BTK's services on e-Devlet now exceed 30. The classification below groups the most commonly used ones, and may change throughout the year:

  • Lookup: Mobile line, fixed line, number portability, IMEI, registered device, registration allowance, qualified e-signature certificate, coverage and internet speed, website access block.
  • Application: Subscription cancellation, subscription transfer, e-Registration approval steps, lost/stolen notification, device motherboard replacement, IMEI registration/cancellation, IMEI use preference.
  • Payment: Debt and balance lookup and payment for mobile, fixed-line, internet, and cable TV operators.
  • Other: Tariff comparison, base station measurement information, electronic document verification, internet complaints, safe internet information line, application to object to an access block decision, privacy violation complaint.

BTK Akademi: Information Security Training

BTK Akademi is the authority's free online training platform. Live since 2017, the portal offers more than 1,000 video courses, with cybersecurity, blockchain, AI, KVKK compliance, and programming fundamentals as its main themes. Certificates are issued for completed courses.

Institutionally, BTK Akademi offers free professional development to public-sector employees and produces certificates that are also recognized in the private sector. For readers who want to go deeper into information security, we recommend our OWASP Top 10 2026 and SQL injection prevention articles as complementary references.

Site Security Lookup: BTK and Third Parties

The need for site security lookup outside BTK's scope is mostly served by third-party tools. BTK sitesorgu only returns the legal block status; for site reliability lookup and safe site lookup needs, the following sources are complementary:

  • Google Safe Browsing: Malware/phishing score via transparencyreport.google.com/safe-browsing.
  • VirusTotal: Joint scanning by 70+ AV engines; URL and IP reputation score.
  • Cisco Talos Intelligence: IP/domain reputation, spam profile.
  • URLscan.io: Sandboxed browser render, fingerprint, and JS behavior.
  • WHOIS age: A registration newer than 1 month + a cheap TLD + no SSL = phishing red flag.
  • SSL certificate check: Even a valid Let's Encrypt certificate doesn't prevent phishing; pay attention to the certificate's EV/OV type and issuer.

A practical recommendation for banking and e-commerce users: before clicking a suspicious SMS or email link, verify the domain on sitesorgu, USOM, Google Safe Browsing, and VirusTotal. Any one of them on its own isn't enough; together they form a strong cross-check. For more attack types, read our XSS and CSP and JWT security pitfalls guides.

What Steps Should You Take If a Site Is Blocked?

As a site owner, if your domain has been brought under an access block decision, following the steps below in order ensures you don't miss legal deadlines and makes the technical response easier:

  • 1. Verification: Confirm the existence and number of the decision via internet.btk.gov.tr/sitesorgu and e-Devlet.
  • 2. Obtain the decision: If it comes from a court, request it from the relevant Magistrates' Court of Peace; if it's an administrative measure, request it from BTK by petition (the fastest route is often through your lawyer's UYAP access).
  • 3. Content audit: Verify whether the content covered by the decision is actually still on your site or already removed. The Wayback Machine archive can be useful as evidence.
  • 4. Removal + URL-based approach: If the content has been removed, apply to BTK for URL-based blocking. Only that URL is closed instead of the entire site.
  • 5. Objection: File an objection with the duty Magistrates' Court of Peace in Ankara within the legal deadline. Deadlines are short: 30 days for administrative measures, 7 days for court decisions.
  • 6. Technical buffer: When the block is lifted, ISP DNS caches can take 1-72 hours to clear; also invalidate your CDN cache.

Programmatic Lookup Practice for System Administrators

BTK sitesorgu is an HTML-output form page; it does not publish an official REST API. Programmatic checks therefore rely on either HTML scraping or independent signals. The script below checks a domain concurrently from four independent sources and produces a summary report.

The advantage of this approach is that it gathers signals without depending on the BTK sitesorgu page: when the IPs returned by TR DNS servers diverge from global DNS responses, blocking becomes suspect; if the HTTP response carries the signature of a warning page, the block is confirmed; and the USOM list provides an independent threat-intelligence cross-check.

Verification at the Browser and OS Level

To prove on a user's own device that a domain is genuinely blocked, local settings have to be ruled out first. Browser extensions, the hosts file, VPN connections, and the system DNS cache can all produce misleading results. First clear the DNS cache, then check the hosts file and the active resolver.

If you still can't reach the site after clearing the DNS cache and verifying the hosts file, the blocking layer lies outside the local device. In that case, connecting through a VPN is the fastest way to confirm; if the content loads through VPN but not over a direct connection, the block is at the ISP or infrastructure level.

BTK Number Portability Lookup Performance: For SMS/IVR Systems

For organizations sending high SMS volumes, NTS lookups are a critical cost line item. If a campaign goes to 1 million numbers and the portability check costs ₺0.005 per query, the additional cost adds up to ₺5,000 (around $150-170 USD at 2026 rates). To manage this cost, three practical strategies are commonly applied:

  • Cache TTL: Numbers don't get ported often; a 30-90 day cache is acceptable.
  • Bulk lookup: Bulk-query APIs that accept 10K+ numbers in a single request exist; they are 30-70% cheaper than individual queries.
  • Operator prefix estimation + verification: Statistical estimation from prior delivery data; if the error rate stays in the 3-5% range, it can be acceptable.

NTS API SLAs typically target 99.9% uptime and 200ms p99 latency. For failover, it's recommended to run the NTS query channels of two different SMS providers in parallel (falling back to the second when the first doesn't respond). For implementing a Redis-based cache in your SMS gateway design, our Redis fundamentals guide will be helpful.

Technical Enforcement of Access Blocks: An ISP-Side View

Once a 5651 decision reaches an ISP, the technical enforcement order is usually this: first, DNS RPZ (Response Policy Zone) rules are updated; second, the SNI-based Deep Packet Inspection filter is engaged; if needed, an IP-level null route is also installed. In modern Turkish ISPs all three layers run in parallel, making it difficult for users to bypass casually.

DNS RPZ alone isn't enough because users can easily switch to overseas resolvers like 1.1.1.1 or 8.8.8.8. That's why SNI inspection is layered on as the second tier: the SNI field inside the TLS ClientHello is inspected, and TCP RST is sent for blacklisted domains. To bypass this, ESNI (Encrypted SNI) or the ECH (Encrypted Client Hello) extension of TLS 1.3 is required; however, a significant portion of ISPs in Turkey deliberately do not support ECH.

When system administrators want to set up a similar filtering layer on their own corporate networks, RPZ or Pi-hole-based solutions can be combined with an Nginx reverse proxy. For detailed reverse proxy configuration, see our Nginx configuration guide.

Personal Data and Common Mistakes

Because most BTK lookup services go through e-Devlet identity verification, queries are logged with the Turkish ID number and session information; under KVKK these logs are retained for 5 years, and the e-Devlet transaction history page shows every query the user has run. The open-access internet.btk.gov.tr/sitesorgu, on the other hand, is logged based on IP address and User-Agent; these logs are shared only upon written request from official authorities.

Let's go through the common mistakes that come up repeatedly in BTK lookup processes, along with their fixes:

  • Mistake 1: Trusting the result from a single channel. Fix: Cross-check with at least two independent channels (sitesorgu + e-Devlet, or sitesorgu + an independent technical check).
  • Mistake 2: Reaching for a VPN as soon as a block is seen. Fix: First learn the rationale of the decision and preserve your right to object; a VPN only provides temporary access and doesn't change the legal situation.
  • Mistake 3: Guessing number portability based on the prefix. Fix: Query the NTS API before every send; cache TTL of 30-90 days.
  • Mistake 4: Using a 14-digit or 16-digit code in IMEI lookups. Fix: Only the 15-digit IMEI is accepted; the 16th digit (IMEISV) is not accepted in registration queries.
  • Mistake 5: Assuming an access block will lift itself once you remove the content. Fix: After removing the content you must submit a written application to BTK; otherwise the decision remains in force.
  • Mistake 6: Submitting a screenshot of the sitesorgu page as legal evidence. Fix: For official evidence, use a notary-certified determination or a signed printout obtained through e-Devlet.

Sitesorgu Data and Content Strategy: An SEO Perspective

For content creators, a domain's BTK status is not a direct ranking signal for SEO; however, it's indirectly tied to Google's safe browsing and broken links signals. If a domain cited as a source in your blog post is blocked, the link no longer truly returns 200 and user experience degrades. It's standard editorial practice to detect blocked sources through regular link audits and replace them with archive links.

For sites running e-commerce operations, there's another critical point: payment integrators (3D Secure screens, bank iframes) can mistakenly fall into the blocked category. Checking all third-party hosts on sitesorgu before sandbox testing prevents unexpected outages. For a detailed e-commerce performance guide, our e-commerce SEO and site optimization guides are good references.

Summary: Which Lookup, When?

Let's reduce the BTK lookup ecosystem to a clean decision tree. Depending on the problem you're facing, you can clearly identify which channel to use.

  • Is a domain blocked? → internet.btk.gov.tr/sitesorgu (open) + e-Devlet ESB lookup (rationale and decision number).
  • Is a URL phishing/malware? → USOM URL list + Google Safe Browsing + VirusTotal.
  • What's the carrier of a GSM number? → e-Devlet BTK Number Portability + NTS Türkiye database (via licensed channel).
  • Is fiber available at my address? → BTK Infrastructure Lookup (kapsamasiteknolojikibilgi.btk.gov.tr).
  • Is the IMEI registered? → e-Devlet BTK IMEI Lookup + My Registered Devices service.
  • How many lines are in my name? → e-Devlet BTK Mobile Line Lookup.
  • Object to a decision? → e-Devlet ESB Application to Object to an Access Block Decision.
  • Reporting a personal rights violation? → ihbarweb.org.tr + İhbarweb on e-Devlet.

Looking Ahead: ECH, DoH, DoT and Content Regulation

Academic literature ranks Turkey among the countries with the highest level of internet access blocking globally. Civic organizations such as NetBlocks and OONI Probe continuously measure ISP-level blocks and temporary outages; these reports may sometimes show small differences from official BTK queries, and independent measurement matters in sensitive journalism and legal applications.

The evolution of web infrastructure is gradually weakening BTK's classic filtering toolset. DNS over HTTPS (DoH) embeds user DNS queries inside HTTPS traffic, hiding them from the ISP; most modern browsers enable DoH by default with Cloudflare or Google resolvers. DNS over TLS (DoT) achieves the same goal over port 853 with TLS.

Encrypted Client Hello (ECH) encrypts the SNI field, rendering SNI-based filtering ineffective as well. As these standards become more widespread, the technical toolkit for content regulation narrows; on the regulatory side, alternative approaches such as direct removal by the content owner or access blocking at the application layer are coming to the fore. For the technical details of this topic, see the ECH section in our HTTPS and TLS 1.3 article.

References

Professional support for access blocks, line lookups, and infrastructure compliance audits

For website access block confirmation, decision objection support, NTS lookup integration, and corporate DNS filtering design, talk to our expert team contact us

Written by

Founder and principal engineer of KEYDAL. Serving enterprise clients in hosting, software development and SEO since 2026.

Related Articles

Readers of this article also read these

guvenlik 22 min

How to Get an SSL Certificate: Free vs Paid Options Explained

How and where to get an SSL/TLS certificate. Let's Encrypt, ZeroSSL, Sectigo and DigiCert compared. Installation with Certbot, acme.sh, cPanel and Plesk. CSR generation, Nginx TLS 1.3 config and A+ security.
guvenlik 11 min

Password Hashing: bcrypt, argon2id and scrypt Compared

Modern password hashing — bcrypt, argon2id and scrypt compared, salt, pepper, work factor tuning and Node.js / Python implementations.
guvenlik 12 min

HTTPS and TLS 1.3: Modern Web Encryption and Performance

HTTPS and TLS 1.3 — handshake tuning, cipher suite selection, HSTS, OCSP stapling, an SSL Labs A+ score and performance.
WhatsApp