Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 8 Checks (17:06:09)
Why should you only use Prefix - Cookies? |
Hall of Fame - A+ and A

 

Shortcuts: 1. IP-Addresses | 2. DNSSEC | 3. Name Servers | 4. SOA-Entries | 5. Screenshots | 6. Url-Checks | 7. Comments | 8. Connections | 9. Certificates | 10. CT-Logs | 11. Html-Content | 12. Html-Parsing | 13. NameServer-IPAddresses | 14. CAA | 15. TXT | 16. DomainServiceEntries | 17. Cipher Suites | 18. Portchecks |

 

A+

 

Top configuration, no warnings +Preload

 

Checked:
04.04.2025 11:27:37

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
tunnelbear.com
A
104.17.154.236
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
1
0

A
104.17.155.236
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
1
0

AAAA

yes


www.tunnelbear.com
A
104.17.154.236
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
1
0

A
104.17.155.236
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
1
0

AAAA

yes


*.tunnelbear.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






 Status: Valid because published






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 53148, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2025, 00:00:00 +, Signature-Inception: 01.04.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: com

com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.04.2025, 05:00:00 +, Signature-Inception: 04.04.2025, 04:00:00 +, KeyTag 53148, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 53148 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 23202, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.04.2025, 14:02:35 +, Signature-Inception: 02.04.2025, 13:57:35 +, KeyTag 19718, Signer-Name: com






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: tunnelbear.com

tunnelbear.com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest Ie7B4aLWIe157Zur9lfsBs/T96Cly9cHKkiMmmUawbo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.04.2025, 01:48:21 +, Signature-Inception: 01.04.2025, 00:38:21 +, KeyTag 23202, Signer-Name: com






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 23202 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 34505, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.05.2025, 23:34:47 +, Signature-Inception: 15.03.2025, 23:34:47 +, KeyTag 2371, Signer-Name: tunnelbear.com






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "Ie7B4aLWIe157Zur9lfsBs/T96Cly9cHKkiMmmUawbo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone






RRSIG Type 1 validates the A - Result: 104.17.154.236 104.17.155.236
Validated: RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






RRSIG Type 16 validates the TXT - Result: v=spf1 include:mailgun.org include:_spf.google.com -all google-site-verification=8KK0ArPmx5iqGML5QZFaQai-9oaUZONUbGru7_o_OjY google-site-verification=K8wsXL5V8bgH5GfNwFgnyjiVpBC5TT_d6lGkJ2LrKkU google-site-verification=sUNMDHMkA2_Wb1OznpzFZ4mFArWjUvlx0M_bBSV489Q atlassian-domain-verification=g24UbjATAVr9Vt3V7xBXVIeHVyPJnAB+hn0w9OrXWB/NFIZ/GW0s4t0pStndBrRK
Validated: RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 120 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






CNAME-Query sends a valid NSEC RR as result with the query name "tunnelbear.com" equal the NSEC-owner "tunnelbear.com" and the NextOwner "\000.tunnelbear.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI, CAA Validated: RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






AAAA-Query sends a valid NSEC RR as result with the query name "tunnelbear.com" equal the NSEC-owner "tunnelbear.com" and the NextOwner "\000.tunnelbear.com". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI, CAA Validated: RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






TLSA-Query (_443._tcp.tunnelbear.com) sends a valid NSEC RR as result with the query name "_443._tcp.tunnelbear.com" equal the NSEC-owner "_443._tcp.tunnelbear.com" and the NextOwner "\000._443._tcp.tunnelbear.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.tunnelbear.com., Algorithm: 13, 4 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






CAA-Query sends a valid NSEC RR as result with the query name "tunnelbear.com" equal the NSEC-owner "tunnelbear.com" and the NextOwner "\000.tunnelbear.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI Validated: RRSIG-Owner tunnelbear.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.



Zone: www.tunnelbear.com

www.tunnelbear.com
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.tunnelbear.com" and the NextOwner "\000.www.tunnelbear.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA






RRSIG Type 1 validates the A - Result: 104.17.154.236 104.17.155.236
Validated: RRSIG-Owner www.tunnelbear.com., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






CNAME-Query sends a valid NSEC RR as result with the query name "www.tunnelbear.com" equal the NSEC-owner "www.tunnelbear.com" and the NextOwner "\000.www.tunnelbear.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.tunnelbear.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






TXT-Query sends a valid NSEC RR as result with the query name "www.tunnelbear.com" equal the NSEC-owner "www.tunnelbear.com" and the NextOwner "\000.www.tunnelbear.com". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.tunnelbear.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






AAAA-Query sends a valid NSEC RR as result with the query name "www.tunnelbear.com" equal the NSEC-owner "www.tunnelbear.com" and the NextOwner "\000.www.tunnelbear.com". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.tunnelbear.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






TLSA-Query (_443._tcp.www.tunnelbear.com) sends a valid NSEC RR as result with the query name "_443._tcp.www.tunnelbear.com" equal the NSEC-owner "_443._tcp.www.tunnelbear.com" and the NextOwner "\000._443._tcp.www.tunnelbear.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.www.tunnelbear.com., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.






CAA-Query sends a valid NSEC RR as result with the query name "www.tunnelbear.com" equal the NSEC-owner "www.tunnelbear.com" and the NextOwner "\000.www.tunnelbear.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner www.tunnelbear.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 05.04.2025, 10:27:46 +, Signature-Inception: 03.04.2025, 08:27:46 +, KeyTag 34505, Signer-Name: tunnelbear.com






Status: Good. NoData-Proof required and found.

 

3. Name Servers

DomainNameserverNS-IP
www.tunnelbear.com
  may.ns.cloudflare.com

tunnelbear.com
  may.ns.cloudflare.com
108.162.192.135
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
172.64.32.135
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
173.245.58.135
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
2606:4700:50::adf5:3a87
Montreal/Quebec/Canada (CA) - Cloudflare, Inc.

 
2803:f800:50::6ca2:c087
San José/Provincia de San José/Costa Rica (CR) - Cloudflare, Inc.

 
2a06:98c1:50::ac40:2087
London/England/United Kingdom (GB) - Cloudflare, Inc.

  theo.ns.cloudflare.com
108.162.193.144
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
172.64.33.144
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
173.245.59.144
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.

 
2606:4700:58::adf5:3b90
Montreal/Quebec/Canada (CA) - Cloudflare, Inc.

 
2803:f800:50::6ca2:c190
San José/Provincia de San José/Costa Rica (CR) - Cloudflare, Inc.

 
2a06:98c1:50::ac40:2190
London/England/United Kingdom (GB) - Cloudflare, Inc.
com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net

 

4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1743758833
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:11


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1743758848
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:2


Domain:tunnelbear.com
Zone-Name:tunnelbear.com
Primary:may.ns.cloudflare.com
Mail:dns.cloudflare.com
Serial:2368209657
Refresh:10000
Retry:2400
Expire:604800
TTL:1800
num Entries:12


Domain:www.tunnelbear.com
Zone-Name:tunnelbear.com
Primary:may.ns.cloudflare.com
Mail:dns.cloudflare.com
Serial:2368209657
Refresh:10000
Retry:2400
Expire:604800
TTL:1800
num Entries:1


5. Screenshots

Startaddress: https://www.tunnelbear.com/, address used: https://www.tunnelbear.com/, Screenshot created 2025-04-04 11:29:03 +00:0

 

Mobil (412px x 732px)

 

1098 milliseconds

 

Screenshot mobile - https://www.tunnelbear.com/
Mobil + Landscape (732px x 412px)

 

1078 milliseconds

 

Screenshot mobile landscape - https://www.tunnelbear.com/
Screen (1280px x 1680px)

 

1283 milliseconds

 

Screenshot Desktop - https://www.tunnelbear.com/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport396732
content Size3966040

 

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://tunnelbear.com/
104.17.154.236
301
https://tunnelbear.com/
Html is minified: 109.15 %
0.104
A
Date: Fri, 04 Apr 2025 09:28:16 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://tunnelbear.com/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6503c7ee50e-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:16 GMT

• http://tunnelbear.com/
104.17.155.236
301
https://tunnelbear.com/
Html is minified: 109.15 %
0.023
A
Date: Fri, 04 Apr 2025 09:28:16 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://tunnelbear.com/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc650e9dce52e-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:16 GMT

• http://www.tunnelbear.com/
104.17.154.236
301
https://www.tunnelbear.com/
Html is minified: 109.15 %
0.013
A
Date: Fri, 04 Apr 2025 09:28:16 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://www.tunnelbear.com/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6512f7de50e-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:16 GMT

• http://www.tunnelbear.com/
104.17.155.236
301
https://www.tunnelbear.com/
Html is minified: 109.15 %
0.017
A
Date: Fri, 04 Apr 2025 09:28:16 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://www.tunnelbear.com/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6514b01e52e-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:16 GMT

• https://tunnelbear.com/
104.17.154.236
301
https://www.tunnelbear.com/
Html is minified: 109.15 %
2.907
A
Date: Fri, 04 Apr 2025 09:28:16 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://www.tunnelbear.com/
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc651ac46aca4-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:16 GMT

• https://tunnelbear.com/
104.17.155.236
301
https://www.tunnelbear.com/
Html is minified: 109.15 %
2.843
A
Date: Fri, 04 Apr 2025 09:28:21 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Location: https://www.tunnelbear.com/
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc66eec1fe516-TXL
Alt-Svc: h3=":443"
Content-Type: text/html
Content-Length: 167
Expires: Fri, 04 Apr 2025 10:28:21 GMT

• https://www.tunnelbear.com/
104.17.154.236 br used - 7850 / 40099 - 80.42 %
200

Html is minified: 120.87 %
3.126
A
Date: Fri, 04 Apr 2025 09:28:26 GMT
Connection: keep-alive
Accept-Ranges: bytes
Age: 91144
Cache-Control: public, must-revalidate, max-age=0
cache-status: "Netlify Edge"; hit
ETag: "061765db8a61a2b1ad125ca8670feb0c-ssl-df"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
x-nf-request-id: 01JR022N1YGRTYCXACFCABC5VR
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc68bf9044528-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Content-Length: 7850
Content-Encoding: br

• https://www.tunnelbear.com/
104.17.155.236 br used - 7813 / 40099 - 80.52 %
200

Html is minified: 120.87 %
2.896
A
Date: Fri, 04 Apr 2025 09:28:31 GMT
Connection: keep-alive
Accept-Ranges: bytes
Age: 89829
Cache-Control: public, must-revalidate, max-age=0
cache-status: "Netlify Edge"; hit
ETag: "061765db8a61a2b1ad125ca8670feb0c-ssl-df"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
x-nf-request-id: 01JR022SM1EEYDM8Q2WKTAAYQH
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6aa49ba6a77-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Content-Length: 7813
Content-Encoding: br

• http://tunnelbear.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.17.154.236
404


0.270
A
Not Found
Visible Content:
Date: Fri, 04 Apr 2025 09:28:35 GMT
Connection: keep-alive
Age: 0
Cache-Control: no-store
Cache-Status: "Netlify Edge"; fwd=miss
X-Nf-Request-Id: 01JR022Y6QY7T55DT329B5G39K
cf-cache-status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6c719c4e50e-TXL
Alt-Svc: h3=":443"
Content-Length: 0

• http://tunnelbear.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.17.155.236
404


0.450
A
Not Found
Visible Content:
Date: Fri, 04 Apr 2025 09:28:36 GMT
Connection: keep-alive
Age: 0
Cache-Control: no-store
Cache-Status: "Netlify Edge"; fwd=miss
X-Nf-Request-Id: 01JR022YMR0DYT99GR43YX1A6G
cf-cache-status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6c8ef72e52e-TXL
Alt-Svc: h3=":443"
Content-Length: 0

• http://www.tunnelbear.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.17.154.236
404


0.163
A
Not Found
Visible Content:
Date: Fri, 04 Apr 2025 09:28:36 GMT
Connection: keep-alive
Age: 0
Cache-Control: no-store
Cache-Status: "Netlify Edge"; fwd=miss
X-Nf-Request-Id: 01JR022YWNDJ6X1GE7F0MHPB9Z
cf-cache-status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6cbebede50e-TXL
Alt-Svc: h3=":443"
Content-Length: 0

• http://www.tunnelbear.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.17.155.236
404


0.166
A
Not Found
Visible Content:
Date: Fri, 04 Apr 2025 09:28:36 GMT
Connection: keep-alive
Age: 0
Cache-Control: no-store
Cache-Status: "Netlify Edge"; fwd=miss
X-Nf-Request-Id: 01JR022Z2AZ5JRCGMA2Z23EKQ3
cf-cache-status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 92afc6cd0d65e52e-TXL
Alt-Svc: h3=":443"
Content-Length: 0

• https://104.17.154.236/
104.17.154.236
403

Html is minified: 110.22 %
2.920
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
Server: cloudflare
Date: Fri, 04 Apr 2025 09:28:36 GMT
Connection: keep-alive
CF-RAY: 92afc6cebedbe51d-TXL
Content-Type: text/html
Content-Length: 151

• https://104.17.155.236/
104.17.155.236
403

Html is minified: 110.22 %
2.880
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
Server: cloudflare
Date: Fri, 04 Apr 2025 09:28:41 GMT
Connection: keep-alive
CF-RAY: 92afc6ec1fc6e525-TXL
Content-Type: text/html
Content-Length: 151

 

7. Comments


1. General Results, most used to calculate the result

Aname "tunnelbear.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 105479 (complete: 270180)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: tunnelbear.com has 2 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: www.tunnelbear.com has 2 different ip addresses (authoritative).
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: tunnelbear.com has no ipv6 address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.tunnelbear.com has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: No cookie sent via http.
AGood: HSTS has preload directive
AExcellent: Domain is in the Google-Preload-List
AExcellent: Domain is in the Mozilla/Firefox-Preload-List
AHSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
https://104.17.154.236/ 104.17.154.236


Url with incomplete Content-Type - header - missing charset
https://104.17.155.236/ 104.17.155.236


Url with incomplete Content-Type - header - missing charset
Ahttp://tunnelbear.com/ 104.17.154.236
301
https://tunnelbear.com/
Correct redirect http - https with the same domain name
Ahttp://tunnelbear.com/ 104.17.155.236
301
https://tunnelbear.com/
Correct redirect http - https with the same domain name
Ahttp://www.tunnelbear.com/ 104.17.154.236
301
https://www.tunnelbear.com/
Correct redirect http - https with the same domain name
Ahttp://www.tunnelbear.com/ 104.17.155.236
301
https://www.tunnelbear.com/
Correct redirect http - https with the same domain name
Mhttps://104.17.154.236/ 104.17.154.236
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://104.17.155.236/ 104.17.155.236
403

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://104.17.154.236/ 104.17.154.236
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://104.17.155.236/ 104.17.155.236
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain tunnelbear.com, 2 ip addresses.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.tunnelbear.com, 2 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain tunnelbear.com, 2 ip addresses, 1 different http results.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain www.tunnelbear.com, 2 ip addresses, 1 different http results.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.tunnelbear.com

2. Header-Checks

Awww.tunnelbear.com 104.17.154.236
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Awww.tunnelbear.com 104.17.155.236
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Fwww.tunnelbear.com 104.17.154.236
Content-Security-Policy
Critical: Missing Header:
Fwww.tunnelbear.com 104.17.154.236
Referrer-Policy
Critical: Missing Header:
Fwww.tunnelbear.com 104.17.154.236
Permissions-Policy
Critical: Missing Header:
Bwww.tunnelbear.com 104.17.154.236
Cross-Origin-Embedder-Policy
Info: Missing Header
Bwww.tunnelbear.com 104.17.154.236
Cross-Origin-Opener-Policy
Info: Missing Header
Bwww.tunnelbear.com 104.17.154.236
Cross-Origin-Resource-Policy
Info: Missing Header
Fwww.tunnelbear.com 104.17.155.236
Content-Security-Policy
Critical: Missing Header:
Fwww.tunnelbear.com 104.17.155.236
Referrer-Policy
Critical: Missing Header:
Fwww.tunnelbear.com 104.17.155.236
Permissions-Policy
Critical: Missing Header:
Bwww.tunnelbear.com 104.17.155.236
Cross-Origin-Embedder-Policy
Info: Missing Header
Bwww.tunnelbear.com 104.17.155.236
Cross-Origin-Opener-Policy
Info: Missing Header
Bwww.tunnelbear.com 104.17.155.236
Cross-Origin-Resource-Policy
Info: Missing Header

3. DNS- and NameServer - Checks

AInfo:: 7 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 7 Queries complete, 7 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.5 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: may.ns.cloudflare.com, theo.ns.cloudflare.com, 2 Name Servers included in Delegation: may.ns.cloudflare.com, theo.ns.cloudflare.com, 2 Name Servers included in 1 Zone definitions: may.ns.cloudflare.com, theo.ns.cloudflare.com, 1 Name Servers listed in SOA.Primary: may.ns.cloudflare.com.
AGood: Only one SOA.Primary Name Server found.: may.ns.cloudflare.com.
AGood: SOA.Primary Name Server included in the delegation set.: may.ns.cloudflare.com.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: may.ns.cloudflare.com, theo.ns.cloudflare.com
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 2 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 2 Name Servers, 1 Top Level Domain: com
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: cloudflare.com
AGood: Name servers with different Country locations found: 2 Name Servers, 3 Countries: CA, CR, GB
AInfo: Ipv4-Subnet-list: 6 Name Servers, 3 different subnets (first Byte): 108., 172., 173., 3 different subnets (first two Bytes): 108.162., 172.64., 173.245., 6 different subnets (first three Bytes): 108.162.192., 108.162.193., 172.64.32., 172.64.33., 173.245.58., 173.245.59.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 6 Name Servers with IPv6, 3 different subnets (first block): 2606:, 2803:, 2a06:, 3 different subnets (first two blocks): 2606:4700:, 2803:f800:, 2a06:98c1:, 4 different subnets (first three blocks): 2606:4700:0050:, 2606:4700:0058:, 2803:f800:0050:, 2a06:98c1:0050:, 4 different subnets (first four blocks): 2606:4700:0050:0000:, 2606:4700:0058:0000:, 2803:f800:0050:0000:, 2a06:98c1:0050:0000:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 12 good Nameserver
AGood: Nameserver supports Echo Capitalization: 12 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 12 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
https://www.tunnelbear.com/ 104.17.154.236
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://www.tunnelbear.com/ 104.17.155.236
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 93297 milliseconds, 93.297 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
tunnelbear.com
104.17.154.236
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
tunnelbear.com
104.17.154.236
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


tunnelbear.com
104.17.155.236
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

tunnelbear.com
104.17.155.236
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


www.tunnelbear.com
104.17.154.236
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.tunnelbear.com
104.17.154.236
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


www.tunnelbear.com
104.17.155.236
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.tunnelbear.com
104.17.155.236
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


104.17.154.236
104.17.154.236
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

104.17.154.236
104.17.154.236
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


104.17.155.236
104.17.155.236
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

104.17.155.236
104.17.155.236
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.tunnelbear.com


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey

 

9. Certificates

1.
1.
CN=*.tunnelbear.com
28.06.2024
30.07.2025
expires in 79 days		*.tunnelbear.com, tunnelbear.com - 2 entries
1.
1.
CN=*.tunnelbear.com
28.06.2024

30.07.2025
expires in 79 days


*.tunnelbear.com, tunnelbear.com - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:2C6814906DDDD3B3CA4650202855C6BE
Thumbprint:3D15BA743CB5C7B8AACE5CBE69C60E01B2157131
SHA256 / Certificate:6+mAW7k9u5njBv+Rb08Bzp8XZCyTnRo8ZWEGeOdmuJE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):15522d1cfe2c4a1783af9d4f242996005281c90242a4d6c3d07935e380e07947
SHA256 hex / Subject Public Key Information (SPKI):15522d1cfe2c4a1783af9d4f242996005281c90242a4d6c3d07935e380e07947 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=*.tunnelbear.com
28.06.2024
30.07.2025
expires in 79 days		*.tunnelbear.com, tunnelbear.com - 2 entries

2.
CN=*.tunnelbear.com
28.06.2024

30.07.2025
expires in 79 days


*.tunnelbear.com, tunnelbear.com - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:2C6814906DDDD3B3CA4650202855C6BE
Thumbprint:3D15BA743CB5C7B8AACE5CBE69C60E01B2157131
SHA256 / Certificate:6+mAW7k9u5njBv+Rb08Bzp8XZCyTnRo8ZWEGeOdmuJE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):15522d1cfe2c4a1783af9d4f242996005281c90242a4d6c3d07935e380e07947
SHA256 hex / Subject Public Key Information (SPKI):15522d1cfe2c4a1783af9d4f242996005281c90242a4d6c3d07935e380e07947 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018
01.01.2031
expires in 2060 days

3.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018

01.01.2031
expires in 2060 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:7D5B5126B476BA11DB74160BBC530DA7
Thumbprint:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
SHA256 / Certificate:f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SHA256 hex / Subject Public Key Information (SPKI):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




4.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018
01.01.2031
expires in 2060 days

4.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018

01.01.2031
expires in 2060 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:7D5B5126B476BA11DB74160BBC530DA7
Thumbprint:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
SHA256 / Certificate:f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SHA256 hex / Subject Public Key Information (SPKI):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010
19.01.2038
expires in 4635 days

5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010

19.01.2038
expires in 4635 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:01FD6D30FCA3CA51A81BBC640E35032D
Thumbprint:2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
SHA256 / Certificate:55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=
SHA256 hex / Cert (DANE * 0 1):e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:





6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019
01.01.2029
expires in 1330 days

6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019

01.01.2029
expires in 1330 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3972443AF922B751D7D36C10DD313595
Thumbprint:D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
SHA256 / Certificate:aLnHYSGaWx8BMXhEdGZdthu9sQngDwXKn3QkTuX19Ss=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004
01.01.2029
expires in 1330 days

7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004

01.01.2029
expires in 1330 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:D1EB23A46D17D68FD92564C2F1F1601764D8E349
SHA256 / Certificate:16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SHA256 hex / Subject Public Key Information (SPKI):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=R10, O=Let's Encrypt, C=US
0
1
3
CN=WR1, O=Google Trust Services, C=US
0
1
2
CN=WE1, O=Google Trust Services, C=US
0
1
2
CN=E5, O=Let's Encrypt, C=US
0
1
2
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester
0
1
1
CN=E6, O=Let's Encrypt, C=US
0
0
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
9881771220
precert		CN=WE1, O=Google Trust Services, C=US
2025-03-23 08:59:06
2025-06-21 09:58:53
*.tunnelbear.com, tunnelbear.com - 2 entries


9881792256
precert		CN=WR1, O=Google Trust Services, C=US
2025-03-23 08:58:47
2025-06-21 09:57:16
*.tunnelbear.com, tunnelbear.com - 2 entries


9881774156
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-03-23 08:53:55
2025-06-21 08:53:54
*.tunnelbear.com, tunnelbear.com - 2 entries


9881641952
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-03-23 08:42:05
2025-06-21 08:42:04
*.tunnelbear.com, tunnelbear.com - 2 entries


9468346715
leaf cert		CN=E6, O=Let's Encrypt, C=US
2025-02-10 20:04:22
2025-05-11 20:04:21
*.tunnelbear.com, email.mail.tunnelbear.com, tunnelbear.com - 3 entries


9468346081
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-02-10 20:04:20
2025-05-11 20:04:19
*.tunnelbear.com, email.mail.tunnelbear.com, tunnelbear.com - 3 entries


9298739474
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-01-23 08:34:03
2025-04-23 08:34:02
*.tunnelbear.com, tunnelbear.com - 2 entries


9298418920
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-01-23 07:44:16
2025-04-23 07:44:15
*.tunnelbear.com, tunnelbear.com - 2 entries


9297887357
precert		CN=WE1, O=Google Trust Services, C=US
2025-01-23 06:19:02
2025-04-23 07:18:52
*.tunnelbear.com, tunnelbear.com - 2 entries


9297888968
precert		CN=WR1, O=Google Trust Services, C=US
2025-01-23 06:18:46
2025-04-23 07:16:59
*.tunnelbear.com, tunnelbear.com - 2 entries


7597945105
leaf cert		CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester
2024-06-28 00:00:00
2025-07-29 23:59:59
*.tunnelbear.com, tunnelbear.com - 2 entries


 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

 

11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404

 

12. Html-Parsing via https://validator.w3.org/nu/

Url used (first standard-https-result with http status 200): https://www.tunnelbear.com/

Summary

Good: No non-document-errors
18 errors
6 warnings

TypeMessagenum found
1.errorBad value   for attribute src on element img: Must be non-empty.11
2.errorThe itemprop attribute was specified, but the element is not a property of any item.3
3.errorAttribute ref not allowed on element meta at this point.1
4.errorElement style not allowed as child of element noscript in this context. (Suppressing further errors from this subtree.)1
5.errorAttribute v-cloak not allowed on element div at this point.1
6.errorNo p element in scope but a p end tag seen.1
7.warningThe type attribute for the style element is not needed and should be omitted.2
8.warningThe type attribute is unnecessary for JavaScript resources.2
9.warningSection lacks heading. Consider using h2-h6 elements to add identifying headings to all sections, or else use a div element instead for any cases where no heading is needed.2

Details


TypeMessage + Sample
1errorAttribute ref not allowed on element meta at this point.

From line 4, column 414 to line 4, column 471

65 2e 20"><meta name="twitter:card" content="app" ref="twitterCard"><meta
2errorThe itemprop attribute was specified, but the element is not a property of any item.

From line 4, column 1496 to line 4, column 1563

kpfjihpa"><meta itemprop="name" content="TunnelBear: Secure Password Manager"><meta
3errorThe itemprop attribute was specified, but the element is not a property of any item.

From line 4, column 1564 to line 4, column 1756

 Manager"><meta itemprop="description" content="Really simple VPN to browse the web privately &amp; securely. Unblock websites around the world with applications for Mac, PC, iOS, Android &amp; Chrome."><meta
4errorThe itemprop attribute was specified, but the element is not a property of any item.

From line 4, column 1757 to line 4, column 1860

 Chrome."><meta itemprop="image" content="https://www.tunnelbear.com/static/images/social-meta/share_graphic.jpg"><meta
5errorElement style not allowed as child of element noscript in this context. (Suppressing further errors from this subtree.)

From line 39, column 840 to line 39, column 860

<noscript><style type=text/css>[v-clo
6errorAttribute v-cloak not allowed on element div at this point.

From line 41, column 86 to line 41, column 141

/noscript><div id="app" v-cloak="" class="bg-takeover bg-regular"><div c
7errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 3588 to line 53, column 3654

img-text"><img data-v-4b9d286e="" src="" alt="" class="mobile-btn app-store"> <div
8errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 3988 to line 53, column 4015

> <!----> <img src="" alt="" class=""></pict
9errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 4321 to line 53, column 4367

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
10errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 4698 to line 53, column 4744

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
11errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 5042 to line 53, column 5088

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
12errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 5382 to line 53, column 5428

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
13errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 15076 to line 53, column 15122

g-holder"><img data-v-4b9d286e="" src="" alt="" class=""></div>
14errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 15208 to line 53, column 15254

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
15errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 15537 to line 53, column 15583

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
16errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 15858 to line 53, column 15904

img-text"><img data-v-4b9d286e="" src="" alt="" class=""> <div
17errorBad value   for attribute src on element img: Must be non-empty.

From line 53, column 16939 to line 53, column 17011

g-holder"><img data-v-4b9d286e="" src="" alt="Independently Audited Code" class=""></div>
18errorNo p element in scope but a p end tag seen.

From line 54, column 239 to line 54, column 242

</li></ul></p></div>
19warningThe type attribute for the style element is not needed and should be omitted.

From line 4, column 3872 to line 4, column 3894

"#ffffff"><style type="text/css">[v-clo
20warningThe type attribute is unnecessary for JavaScript resources.

From line 27, column 488 to line 27, column 541

;</script><script type="text/javascript" src="/static/inert.js"></scri
21warningThe type attribute is unnecessary for JavaScript resources.

From line 39, column 526 to line 39, column 641

ylesheet"><script src="https://bat.bing.com/p/action/30001174.js" type="text/javascript" async="" data-ueto="ueto_dfaf2a6bd3"></scri
22warningThe type attribute for the style element is not needed and should be omitted.

From line 39, column 840 to line 39, column 860

<noscript><style type=text/css>[v-clo
23warningSection lacks heading. Consider using h2-h6 elements to add identifying headings to all sections, or else use a div element instead for any cases where no heading is needed.

From line 53, column 427 to line 53, column 488

/section> <section data-v-4b9d286e="" id="recommended" class="bg-light"><div d
24warningSection lacks heading. Consider using h2-h6 elements to add identifying headings to all sections, or else use a div element instead for any cases where no heading is needed.

From line 54, column 5283 to line 54, column 5349

-content"><section data-v-a926ae4a="" class="banner-wrap no-padding visible"><div d

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: may.ns.cloudflare.com, theo.ns.cloudflare.com

 

QNr.DomainTypeNS used
1
com
NS
d.root-servers.net (2001:500:2d::d)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
may.ns.cloudflare.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns3.cloudflare.com, ns4.cloudflare.com, ns5.cloudflare.com, ns6.cloudflare.com, ns7.cloudflare.com

Answer: ns7.cloudflare.com
162.159.4.8, 162.159.6.6, 2400:cb00:2049:1::a29f:408, 2400:cb00:2049:1::a29f:606

Answer: ns6.cloudflare.com
162.159.3.11, 162.159.5.6, 2400:cb00:2049:1::a29f:30b, 2400:cb00:2049:1::a29f:506

Answer: ns5.cloudflare.com
162.159.2.9, 162.159.9.55, 2400:cb00:2049:1::a29f:209, 2400:cb00:2049:1::a29f:937

Answer: ns4.cloudflare.com
162.159.1.33, 162.159.8.55, 2400:cb00:2049:1::a29f:121, 2400:cb00:2049:1::a29f:837

Answer: ns3.cloudflare.com
162.159.0.33, 162.159.7.226, 2400:cb00:2049:1::a29f:21, 2400:cb00:2049:1::a29f:7e2
3
theo.ns.cloudflare.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns3.cloudflare.com, ns4.cloudflare.com, ns5.cloudflare.com, ns6.cloudflare.com, ns7.cloudflare.com

Answer: ns5.cloudflare.com
162.159.2.9, 162.159.9.55, 2400:cb00:2049:1::a29f:209, 2400:cb00:2049:1::a29f:937

Answer: ns4.cloudflare.com
162.159.1.33, 162.159.8.55, 2400:cb00:2049:1::a29f:121, 2400:cb00:2049:1::a29f:837

Answer: ns3.cloudflare.com
162.159.0.33, 162.159.7.226, 2400:cb00:2049:1::a29f:21, 2400:cb00:2049:1::a29f:7e2

Answer: ns6.cloudflare.com
162.159.3.11, 162.159.5.6, 2400:cb00:2049:1::a29f:30b, 2400:cb00:2049:1::a29f:506

Answer: ns7.cloudflare.com
162.159.4.8, 162.159.6.6, 2400:cb00:2049:1::a29f:408, 2400:cb00:2049:1::a29f:606
4
may.ns.cloudflare.com: 108.162.192.135, 172.64.32.135, 173.245.58.135
A
ns3.cloudflare.com (2400:cb00:2049:1::a29f:21)
5
may.ns.cloudflare.com: 2606:4700:50::adf5:3a87, 2803:f800:50::6ca2:c087, 2a06:98c1:50::ac40:2087
AAAA
ns3.cloudflare.com (2400:cb00:2049:1::a29f:21)
6
theo.ns.cloudflare.com: 108.162.193.144, 172.64.33.144, 173.245.59.144
A
ns3.cloudflare.com (2400:cb00:2049:1::a29f:21)
7
theo.ns.cloudflare.com: 2606:4700:58::adf5:3b90, 2803:f800:50::6ca2:c190, 2a06:98c1:50::ac40:2190
AAAA
ns3.cloudflare.com (2400:cb00:2049:1::a29f:21)

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.tunnelbear.com
0

no CAA entry found
1
0
tunnelbear.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
tunnelbear.com
atlassian-domain-verification=g24UbjATAVr9Vt3V7xBXVIeHVyPJnAB+hn0w9OrXWB/NFIZ/GW0s4t0pStndBrRK
ok
1
0
tunnelbear.com
google-site-verification=8KK0ArPmx5iqGML5QZFaQai-9oaUZONUbGru7_o_OjY
ok
1
0
tunnelbear.com
google-site-verification=K8wsXL5V8bgH5GfNwFgnyjiVpBC5TT_d6lGkJ2LrKkU
ok
1
0
tunnelbear.com
google-site-verification=sUNMDHMkA2_Wb1OznpzFZ4mFArWjUvlx0M_bBSV489Q
ok
1
0
tunnelbear.com
v=spf1 include:mailgun.org include:_spf.google.com -all
ok
1
0
www.tunnelbear.com

ok
1
0
_acme-challenge.tunnelbear.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.tunnelbear.com

Name Error - The domain name does not exist
1
0
_acme-challenge.tunnelbear.com.tunnelbear.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.tunnelbear.com.tunnelbear.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.tunnelbear.com.www.tunnelbear.com

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

tunnelbear.com
10
aspmx.l.google.com
05ok

A


142.251.168.27
01ok

AAAA


2a00:1450:400c:c0a::1b
01ok

CNAME


00ok
MX

tunnelbear.com
20
alt1.aspmx.l.google.com
05ok

A


142.250.153.27
01ok

AAAA


2a00:1450:4013:c16::1b
01ok

CNAME


00ok
MX

tunnelbear.com
30
alt2.aspmx.l.google.com
05ok

A


142.251.9.27
01ok

AAAA


2a00:1450:4025:c03::1a
01ok

CNAME


00ok
MX

tunnelbear.com
40
aspmx2.googlemail.com
05ok

A


142.250.153.27
01ok

AAAA


2a00:1450:4013:c16::1b
01ok

CNAME


00ok
MX

tunnelbear.com
50
aspmx3.googlemail.com
05ok

A


142.251.9.27
01ok

AAAA


2a00:1450:4025:c03::1a
01ok

CNAME


00ok
SPF
TXT
tunnelbear.com

v=spf1 include:mailgun.org include:_spf.google.com -all
ok

TXT
mailgun.org

v=spf1 include:_spf.mailgun.org include:_spf.eu.mailgun.org -all
ok

TXT
_spf.google.com

v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all
ok

TXT
_spf.mailgun.org

v=spf1 include:_spf1.mailgun.org include:_spf2.mailgun.org ~all
ok

TXT
_spf.eu.mailgun.org

v=spf1 ip4:141.193.32.0/23 ip4:159.135.140.80/29 ip4:159.135.132.128/25 ip4:161.38.204.0/22 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:143.55.236.0/22 ip4:198.244.60.0/22 ip4:204.220.160.0/21 ~all
ok

TXT
_netblocks.google.com

v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all
ok

TXT
_netblocks2.google.com

v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
ok

TXT
_netblocks3.google.com

v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all
ok

TXT
_spf1.mailgun.org

v=spf1 ip4:209.61.151.0/24 ip4:166.78.68.0/22 ip4:198.61.254.0/23 ip4:192.237.158.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:146.20.113.0/24 ip4:146.20.191.0/24 ip4:159.135.224.0/20 ip4:69.72.32.0/20 ~all
ok

TXT
_spf2.mailgun.org

v=spf1 ip4:104.130.122.0/23 ip4:146.20.112.0/26 ip4:161.38.192.0/20 ip4:143.55.224.0/21 ip4:143.55.232.0/22 ip4:159.112.240.0/20 ip4:198.244.48.0/20 ip4:204.220.168.0/21 ip4:204.220.176.0/20 ~all
ok
_dmarc
TXT
_dmarc.tunnelbear.com

v=DMARC1; p=none; pct=100; rua=mailto:re+rzjzszgwqjs@dmarc.postmarkapp.com; sp=none; aspf=r;
ok

TXT
tunnelbear.com._report._dmarc.dmarc.postmarkapp.com

mailto:re+rzjzszgwqjs@dmarc.postmarkapp.com
okMail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.

TXT
tunnelbear.com._report._dmarc.dmarc.postmarkapp.com

v=DMARC1;
okConfirmed. Sending reports to external domain is allowed.

				 
			

				 
			
17. Cipher Suites



Skipped, CDN used or too many ip addresses

				 
			
18. Portchecks



No open Ports <> 80 / 443 found, so no additional Ports checked.



				 
			

				 
			

Permalink: https://check-your-website.server-daten.de/?i=857bbcf0-648b-4213-8e3e-bd200b18b934

				 
			


Last Result: https://check-your-website.server-daten.de/?q=tunnelbear.com - 2025-04-04 11:27:37

				 
			
Do you like this page? Support this tool, add a link on your page:

				 
			
<a href="https://check-your-website.server-daten.de/?q=tunnelbear.com" target="_blank">Check this Site: tunnelbear.com</a>

				 
			

				 
			


Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

				 
			
QR-Code of this page - https://check-your-website.server-daten.de/?d=tunnelbear.com

				 
			

				 
			



Jürgen Auer • Friedenstr. 37 • 10249 Berlin • +49(0)30 420 200 60 • info@sql-und-xml.de • 
USt-IdNr.: DE221734518

				 
			


Errors, ideas, questions? Use the 
Contact form • A project using

Server-Daten - Web Database solutions