SSL-Tools

SSL check results of shadowkitsune.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for shadowkitsune.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 18 Oct 2025 20:29:08 +0000

The mailservers of shadowkitsune.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @shadowkitsune.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.protonmail.ch
185.205.70.128
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
25 s
mail.protonmail.ch
185.70.42.128
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
31 s
mail.protonmail.ch
176.119.200.128
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
31 s
mailsec.protonmail.ch
185.205.70.129
 20
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
18 s
mailsec.protonmail.ch
185.70.42.129
 20
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
20 s
mailsec.protonmail.ch
176.119.200.129
 20
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
14 s

Outgoing Mails

We have received emails from these servers with @shadowkitsune.net sender addresses. Test mail delivery

Host TLS Version & Cipher
sender4-of-o53.zoho.com (136.143.188.53)
TLSv1.2 ECDHE-RSA-AES256-SHA384
idse.shadowkitsune.net (104.255.96.25)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=protonmail.com

Certificate chain
  • protonmail.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • protonmail.com
Alternative Names
  • *.pm.me
  • *.protonmail.ch
  • *.protonmail.com
  • *.protonvpn.ch
  • *.protonvpn.com
  • protonmail.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2025-10-07
Not valid after
2026-01-05
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
18:20:AE:D5:99:DA:BC:61:8E:FA:E6:DF:29:9D:43:ED:0A:77:BE:8F:D9:2B:1F:57:E9:86:7C:52:44:81:A5:80
SHA1
90:E8:F5:15:52:FF:A9:54:D0:A0:93:A7:CF:63:4B:37:36:14:B5:C4
X509v3 extensions
subjectKeyIdentifier
  • F1:A2:0A:FF:29:EF:F8:78:84:E8:07:0C:E0:56:8A:76:64:D2:2B:A5
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/41.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:
  • AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
  • Timestamp : Oct 7 14:22:25.841 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6B:4E:D6:A2:52:36:60:57:15:2D:19:74:
  • 05:6A:32:78:DB:D8:53:8B:B1:56:17:16:35:F3:06:C6:
  • AD:E8:B4:BA:02:21:00:E5:30:91:18:F9:79:AD:66:1D:
  • EF:0D:1F:F2:A7:91:73:76:8A:EA:AD:BC:AC:B7:73:AC:
  • 29:30:85:E2:C7:1E:59
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
  • 26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
  • Timestamp : Oct 7 14:22:25.834 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:7B:18:A6:7A:C4:43:06:A4:FF:47:86:04:
  • F7:92:BD:C7:37:82:2E:75:FA:11:A3:E0:DE:AF:9D:49:
  • 7D:93:63:FE:02:21:00:88:B6:B9:C6:54:1C:B6:CE:72:
  • B5:54:A6:4A:E8:E8:7F:1D:87:C1:D1:C5:1E:11:46:95:
  • AE:32:10:DF:97:75:1E

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid